This week, Oracle released their quarterly Critical Patch Update (CPU) for October 2012, as well as a separate Java SE security patch. Apple also released OS X Java updates, in relation to Oracle's Java patch. I describe all these updates below. Oracle CPU for October 2012: Oracle CPUs are collections of security updates, which fix vulnerabilities in a wide-range of Oracle … [Read more...]
Critical Java Vulnerabilities Update: Apple OS X Patched
Last week, I posted an alert about some highly critical flaws in Oracle Java; especially one in particular (CVE-2012-4681), which attackers have aggressively exploited in the wild. If an attacker can lure you to a web page or link containing malicious Java content, he can exploit these flaws to execute code on your computer, potentially gaining complete control of it. Oracle … [Read more...]
Oracle's Out-of-Cycle Java Update Closes Two Serious Zero Day Holes
Severity: High Summary: These vulnerabilities affect: Current versions of Oracle Java Runtime Environment (JRE) and Java Development Kit (JDK) running on all platforms How an attacker exploits them: Multiple vectors of attack, including luring your users to a malicious web page containing specially crafted Java Impact: In the worst case, an attacker can gain complete … [Read more...]
Oracle Releases Out-of-Cycle Update for Blackhat Database Server Flaw
If you're an Oracle administrator, hopefully you saw the text version of WatchGuard Security Week in Review a few weeks ago, where I mentioned Oracle's big quarterly patch day for July 2012. If you missed that, you better check out their July CPU update, and apply all its patches. However, even if you managed to apply Oracle's July patches, they have one more update in store … [Read more...]
Oracle's April Critical Patch Update Fixes 88 Vulnerabilities
Yesterday, Oracle released their quarterly Critical Patch Update (CPU) for April 2012. Oracle CPUs are collections of security updates, which fix security flaws in the wide-range of products Oracle offers. According to their April advisory, this quarter's CPU fixes 88 vulnerabilities in many of their products, including Oracle Database Oracle Application Server Oracle … [Read more...]