Administrators who support Java applications and various Oracle databases should pay close attention to the latest quarterly security update from Oracle, as more than a third of the security fixes affect Java, MySQL, and Oracle Database Server. Several of these vulnerabilities are considered critical and could be remotely exploited without requiring authentication, Oracle said.
Oracle doesn't state in the Critical Patch Update (CPU) whether any of the vulnerabilities are currently being exploited in the wild. However, it warns that attackers continue to target security holes for which fixes are already available. "In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay," the company said in an advisory.
To read this article in full or to leave a comment, please click here