The Dublin, Ireland and Atlanta-based Waratek revealed security threats still exist despite Oracle's latest Critical Patch Update. The CPU provided fixes for the Meltdown and Spectre chip flaws and Java vulnerabilities.

The January 2018 Oracle Critical Patch Update contained fixes for 237 vulnerabilities across hundreds of Oracle products, including the company's widely used Oracle Database Server and Java Standard Edition. 

In its guidance, Waratek, the virtualization-based application security company, indicated the CPU included:

  • Fixes for the Java Virtual Machine and four other vulnerable components within the Oracle Database Server, the most severe of which carries a Common Vulnerability Scoring System base score of 9.1 out of 10; three flaws are exploitable remotely without credentials.
  • New security fixes for 21 vulnerabilities in multiple versions of Java SE, 18 of which are remotely exploitable without authentication. The most severe of the Java SE vulnerabilities has a CVSS base score of 8.3. The CPU included fixes for flaws in Java SE versions 6 through 9.
  • Two deserialization vulnerabilities identified in the Java platform by Waratek contain patched in the January 2018 CPU.
  • The number of vulnerabilities patched in the Java platform have doubled since January 2016.

 

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

  • Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
  • Exclusive discounts on ALM and CU Times events.
  • Access to other award-winning ALM websites including Law.com and GlobeSt.com.
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.