ENTERPRISE VENDOR Oracle has released a huge security patch set to fix 88 security vulnerabilities across 30 product lines.
Oracle's most recent quarterly Critical Patch Update released today addresses 33 remote code execution (RCE) vulnerabilities, critical software flaws that allow a remote attacker to exploit targeted software without prior authentication.
This is a particularly high number of patches when compared with the equivalent update in 2011, which fixed 16 RCE vulnerabilities among 78 patches.
However, a Java update is not included in this update as the product is managed on a separate schedule. The previous Java update was released in February and didn't include a version for the Mac OS X operating system, which was a pain for Mac users, particularly those hit by attacks.
Apple later released its own patch addressing Java vulnerabilities because the lack of an update from Oracle allowed cyber criminals to exploit vulnerabilities in Mac OS X using variants of the Flashback Trojan.
Wolfgang Kandek, CTO of security firm Qualys, warned about Oracle's large patch release in a blog post.
He said, "Of the mainstream software lines, MySQL and the Siebel Clinic product are not affected by the RCE type vulnerabilities; system administrators and users of all other software lines should be prepared to review the release with care."
"We recommend addressing vulnerabilities on systems that are Internet accessible first. Most likely this will mean fixing Glassfish/iPlanet and Solaris vulnerabilities first, followed by MySQL. Oracle RDBMS can probably be addressed last as these systems tend to be installed in internal networks or well firewalled if they are connected to the Internet at all," he added.