Waratek, based in Dublin, Ireland, and Atlanta, revealed that security threats still exist despite Oracle's latest Critical Patch Update (CPU). The CPU provided fixes for the Meltdown and Spectre chip flaws and for Java vulnerabilities.

The January 2018 Oracle Critical Patch Update contained fixes for 237 vulnerabilities across hundreds of Oracle products, including the company's widely used Oracle Database Server and Java Standard Edition. 

In its guidance, Waratek, the virtualization-based application security company, indicated the CPU included:

  • Fixes for the Java Virtual Machine and four other vulnerable components within the Oracle Database Server, the most severe of which carries a Common Vulnerability Scoring System base score of 9.1 out of 10; three flaws are exploitable remotely without credentials.
  • New security fixes for 21 vulnerabilities in multiple versions of Java SE, 18 of which are remotely exploitable without authentication. The most severe of the Java SE vulnerabilities has a CVSS base score of 8.3. The CPU included fixes for flaws in Java SE versions 6 through 9.
  • Two deserialization vulnerabilities identified in the Java platform by Waratek were patched in the January 2018 CPU.
  • The number of vulnerabilities patched in the Java platform has doubled since January 2016.

What Waratek discovered is highly technical for many of the corporations and industries using Oracle products, but not for cybercriminals looking to exploit any weakness.


Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. He has also been writer/editor of a semi-annual newsletter for the Association for Financial Technology since 1997 and of history projects funded by the U.S. Interior Department, National Park Service and Warren County (N.Y.).