Security News
A pair of vulnerabilities in Oracle's iPlanet Web Server have been disclosed that can lead to sensitive data exposure and image injections onto web pages if exploited. The bugs are specifically found in the web administration console of iPlanet version 7, which has reached end-of-life and is no longer supported - hence no patches.
Oracle is urging customers to fast-track a patch for a critical flaw in its WebLogic Server under active attack. Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications.
Oracle warned customers on Thursday that threat actors have been spotted attempting to exploit multiple recently patched vulnerabilities, including a critical WebLogic Server flaw tracked as CVE-2020-2883. Oracle's April 2020 Critical Patch Update resolves nearly 400 vulnerabilities, including CVE-2020-2883, a critical flaw in Oracle WebLogic Server that can be exploited by an unauthenticated attacker for remote code execution.
Oracle this week released its April 2020 collection of security patches, which includes a total of 397 fixes for vulnerabilities affecting two dozen products. Roughly 60 of the newly addressed vulnerabilities are considered critical severity, with more than 55 of them featuring a CVSS score of 9.8.
Oracle admins are staring down the barrel of a massive quarterly Critical Patch Update that includes 405 patches. Impacted with multiple critical flaws, rated 9.8 CVSS in severity, are 13 key Oracle products including Oracle Financial Services Applications, Oracle MySQL, Oracle Retail Applications and Oracle Support Tools, according to the company's April Critical Patch Update Pre-Release Announcement, posted Monday.
On the second day of the Pwn2Own 2020 hacking competition, participants earned a total of $90,000 for exploits targeting Oracle VirtualBox, Adobe Reader and Windows. Amat Cama and Richard Zhu of team Fluoroacetate earned $50,000 for demonstrating that they could hijack a system by exploiting use-after-free vulnerabilities in Adobe Reader and the Windows kernel.
Infosys, a global leader in next-generation digital services and consulting, leverages Oracle Cloud technologies to empower businesses across Europe to transform into 'Live Enterprises', helping them drive intuitive decisions, automate processes, create new user experiences and reinvent businesses for accelerated growth. Bpost, Belgium's leading postal operator, worked with Infosys to replace a previous Oracle ERP solution with a new system using Oracle Cloud Solutions.
This includes the number of security patches it issues - which, with the January 2020 update, reached a joint record of 334, matching the number released in July 2018. Unlike rivals such as Microsoft, Oracle releases security patches only every three months, which partly explains the size of its updates, which now routinely head towards 300.
Oracle has released a sweeping set of security patches across the breadth of its software line. The January update, delivered one day after Microsoft, Intel, Adobe, and others dropped their scheduled monthly patches, addresses a total of 334 security vulnerabilities across 93 different products from the enterprise giant.
Oracle has released its first Critical Patch Update for 2020, which includes a total of 334 new security patches across multiple product families. The company notes that 40 of the new patches address critical issues.