Oracle Corporation (NASDAQ:ORCL) said it will release 128 new security vulnerability fixes for hundreds of products today.
According to the pre-release announcement of the company, the patch update for 2013 is critical because it resolves the vulnerabilities of multiple products. Customers are advised to apply the critical patch update as soon as possible because of the threat posed by a successful attack.
Oracle Corporation (NASDAQ:ORCL) used the standard common vulnerability scoring system (CVSS) of 2.0 scoring in the critical patch update to fix security problems. According to the software maker, the highest CVVSS base score for vulnerabilities in the critical patch update is 10.0 for Oracle JRockit of Oracle Fusion Middleware and Workload Manager of Oracle Database server.
The software giant announced that it will release four security fixes for the Oracle database server. According to Oracle Corporation (NASDAQ:ORCL), the critical patch update will resolve issues affecting the application express, network layer, and workload manager.
The company will also release 29 new security fixes for Oracle Fusion Middleware. Oracle explained that 22 of the vulnerabilities may be remotely exploitable without authentication. The components affected include Oracle Containers for J2EE, Oracle COREid Access, Oracle GoldenGate Veridata, Oracle HTTP Server, Oracle JRockit, Oracle Outside In Technology, Oracle Web Services Manager, Oracle WebCenter Capture, Oracle WebCenter Content, Oracle WebCenter Interaction, Oracle WebCenter Sites, and Oracle WebLogic Server.
Oracle Corporation’s Oracle E-Business Suite will have 6 security updates to fix the problems affecting the Oracle Application Library, Oracle Application Manager, Oracle Application Technology Stack, Oracle HRMS, and Oracle iStore. It will also release 3 security fixes for Oracle Supply Chain Products, and 11 security fixes for PeopleSoft Products.
Numerous critical fixes will be deployed across its several other products including the web plug Java, which will receive 42 security fixes. Oracle’s latest critical patch update contains more security fixes that the previous critical patch updates with 86 fixes. Out of 128 vulnerabilities, only three issues were not remotely exploitable, which means all the affected components are vulnerable and can be attacked over a network with the need for a user name or password.
Last February, hackers attacked the internal networks of a number of websites including Apple Inc. (NASDAQ:AAPL) Twitter, and Facebook Inc (NASDAQ:FB), all caused by a zero-day vulnerability in Java. Apple pushed for a Java update after a number of its corporate MACs were hacked. The New York Times also reported that Chinese hackers attacked its website.
