Security News

Oracle warned customers on Thursday that threat actors have been spotted attempting to exploit multiple recently patched vulnerabilities, including a critical WebLogic Server flaw tracked as CVE-2020-2883. Oracle's April 2020 Critical Patch Update resolves nearly 400 vulnerabilities, including CVE-2020-2883, a critical flaw in Oracle WebLogic Server that can be exploited by an unauthenticated attacker for remote code execution.

Oracle this week released its April 2020 collection of security patches, which includes a total of 397 fixes for vulnerabilities affecting two dozen products. Roughly 60 of the newly addressed vulnerabilities are considered critical severity, with more than 55 of them featuring a CVSS score of 9.8.

Oracle admins are staring down the barrel of a massive quarterly Critical Patch Update that includes 405 patches. Impacted with multiple critical flaws, rated 9.8 CVSS in severity, are 13 key Oracle products including Oracle Financial Services Applications, Oracle MySQL, Oracle Retail Applications and Oracle Support Tools, according to the company's April Critical Patch Update Pre-Release Announcement, posted Monday.

On the second day of the Pwn2Own 2020 hacking competition, participants earned a total of $90,000 for exploits targeting Oracle VirtualBox, Adobe Reader and Windows. Amat Cama and Richard Zhu of team Fluoroacetate earned $50,000 for demonstrating that they could hijack a system by exploiting use-after-free vulnerabilities in Adobe Reader and the Windows kernel.

Infosys, a global leader in next-generation digital services and consulting, leverages Oracle Cloud technologies to empower businesses across Europe to transform into 'Live Enterprises', helping them drive intuitive decisions, automate processes, create new user experiences and reinvent businesses for accelerated growth. Bpost, Belgium's leading postal operator, worked with Infosys to replace a previous Oracle ERP solution with a new system using Oracle Cloud Solutions.

This includes the number of security patches it issues - which with the January 2020 update reached a joint record of 334, matching an identical number released in July 2018. Unlike rivals such as Microsoft, Oracle only releases security patches every three months so that's part of the explanation for the size of its updates, which now routinely head towards 300.

Oracle has released a sweeping set of security patches across the breadth of its software line. The January update, delivered one day after Microsoft, Intel, Adobe, and others dropped their scheduled monthly patches, addresses a total of 334 security vulnerabilities across 93 different products from the enterprise giant.

Oracle has released its first Critical Patch Update for 2020, which includes a total of 334 new security patches across multiple product families. The company notes that 40 of the new patches address critical issues.

ManageEngine, the IT management division of Zoho Corporation, announced that Applications Manager, its server, cloud, and application performance monitoring solution, now supports Oracle Autonomous Database. Oracle Autonomous Database has gained notable traction since its arrival last year, owing to its agility and support for even the most demanding applications.

The CPU ties for Oracle's previous all-time high for number of patches issued, in July 2019, which overtook its previous record of 308 in July 2017. The updates include fixes for Oracle's most widely deployed products, including the Oracle Database Server; Oracle Enterprise Manager; Oracle Fusion Middleware; 19 new security patches for Oracle MySQL; and the Oracle E-Business Suite.