Yesterday (July 18), Oracle addressed a total of 65 security vulnerabilities across a range of its products. This is Oracle’s regular quarterly security update.
Darius Wiles, Oracle’s Security Director, stated that several of the 65 vulnerabilities patched this time are particularly noteworthy. Among them, 27 could be exploited remotely by hackers. Oracle advises users to promptly install the patches.
“We must quickly address these security vulnerabilities due to their urgent nature. Most of the patches this time aim to fix the most critical security issues. We recommend that users install the patches as soon as possible,” Wiles mentioned in a recent interview.
Among the 65 vulnerabilities patched this time, Oracle’s database software products accounted for 23 vulnerabilities. The remaining vulnerabilities pertained to Collaboration Suite (1 vulnerability), Application Server (10 vulnerabilities), E-Business Suite (20 vulnerabilities), Enterprise Manager (4 vulnerabilities), PeopleSoft Enterprise Portal Software (2 vulnerabilities), and JD Edwards software (1 vulnerability).
Additionally, this Critical Patch Update addresses 4 other security vulnerabilities in Oracle client database application software. This is only the second time this year that Oracle has released a patch update for software running on personal computers. The first was in the security update released in January 2005.
“Customers may consider installing patches for software running on personal computers. However, for server software, patches need to be installed as soon as possible,” Wiles stated.
Among the 4 security vulnerabilities in client software, 3 are considered severe, as they can be exploited remotely without any user interaction.
In April, Oracle faced significant criticism for not releasing patches for all products simultaneously. The company is currently reviewing its patch release process. “Our goal is to release the highest quality patches on a single official day,” Wiles affirmed.
This Critical Patch Update from Oracle must include patches for a total of 250 security vulnerabilities across Oracle products running on various operating systems. However, at least 10 vulnerabilities still do not have patches available. “Patches for these vulnerabilities will be released in the near future,” Wiles confirmed.
As of now, Oracle has not recorded any attacks executed through the exploitation of the vulnerabilities addressed in this Critical Patch Update.
Hoàng Dũng