The Dublin, Ireland and Atlanta-based Waratek revealed security threats still exist despite Oracle's latest Critical Patch Update. The CPU provided fixes for the Meltdown and Spectre chip flaws and Java vulnerabilities.
The January 2018 Oracle Critical Patch Update contained fixes for 237 vulnerabilities across hundreds of Oracle products, including the company's widely used Oracle Database Server and Java Standard Edition.
In its guidance, Waratek, the virtualization-based application security company, indicated the CPU included:
|- Fixes for the Java Virtual Machine and four other vulnerable components within the Oracle Database Server, the most severe of which carries a Common Vulnerability Scoring System base score of 9.1 out of 10; three flaws are exploitable remotely without credentials.
- New security fixes for 21 vulnerabilities in multiple versions of Java SE, 18 of which are remotely exploitable without authentication. The most severe of the Java SE vulnerabilities has a CVSS base score of 8.3. The CPU included fixes for flaws in Java SE versions 6 through 9.
- Two deserialization vulnerabilities identified in the Java platform by Waratek contain patched in the January 2018 CPU.
- The number of vulnerabilities patched in the Java platform have doubled since January 2016.
What Waratek discovered is highly technical to many of the corporations and industries using Oracle products but not to cybercriminals looking to exploit any weakness.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.