
Oracle’s October 2021 CPU Contains 419 Security Patches

Oracle on Tuesday announced the release of its latest quarterly Critical Patch Update (CPU), which includes a total of 419 security patches for vulnerabilities across the company’s portfolio.

Just over half of the patches address vulnerabilities that can be exploited remotely without authentication, Oracle announced.

Of the 419 new security patches in the October 2021 CPU, 36 deal with critical vulnerabilities, one of which has a CVSS score of 10. The CPU also addresses 60 vulnerabilities with a CVSS score between 8 and 9.

Oracle Communications received the largest number of patches in this CPU, at 71. Of these, 56 vulnerabilities can be exploited remotely without authentication.

MySQL also received a large number of fixes, namely 66. Ten of the addressed issues can be exploited remotely, without authentication.

Financial Services Applications received 44 security patches (26 of the vulnerabilities can be exploited by remote, unauthenticated attackers), while Fusion Middleware received 38 (30 security holes remotely exploitable without authentication).

Other Oracle software to have received more than ten security fixes includes Retail Applications (26 patches – including 9 flaws remotely exploitable without authentication), Communications Applications (19 – 14), E-Business Suite (18 – 4), PeopleSoft (17 – 8), Insurance Applications (16 – 11), Java SE (15 – 13), Construction and Engineering (12 – 7), and JD Edwards (11 – 8).

Oracle also released security patches for Commerce, Database Server, Essbase, Enterprise Manager, GoldenGate, Graph Server and Client, Health Sciences Applications, Hospitality Applications, Hyperion, REST Data Services, Secure Backup, Siebel CRM, Supply Chain, Systems, Utilities Applications, and Virtualization.

The company announced that, while no new patches were released for Global Lifecycle Management, NoSQL, Spatial Studio, and SQL Developer, updates rolling out for them address third-party vulnerabilities.

Some of the security patches released for other Oracle software address additional vulnerabilities as well, including in third-party components.

As usual, Oracle urges customers and administrators to apply the newly released patches in a timely manner, warning that attackers are constantly targeting known vulnerabilities in its products for which fixes are available.

“In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay,” the company says.

Oracle plans to release the next quarterly CPU on January 18, 2022.

Related: Oracle Releases July 2021 CPU With 342 Security Patches

Related: Oracle Delivers 390 Security Fixes With April 2021 CPU

Related: Oracle’s January 2021 CPU Contains 329 New Security Patches


Ionut Arghire is an international correspondent for SecurityWeek.


Android October patch fixes three critical bugs, 41 flaws in total

Google has released the Android October security updates, addressing 41 vulnerabilities, all ranging between high and critical severity.

On the fifth of every month, Google releases the complete security patch for the Android OS, which contains both the framework and the vendor fixes for that month. As such, this update also incorporates fixes for the ten vulnerabilities that were addressed in the Security patch level 2021-10-01, released a few days back.

The high-severity flaws fixed this month concern denial of service, elevation of privilege, remote code execution, and information disclosure issues.

The three critical severity flaws in the set are tracked as:

  • CVE-2021-0870: Remote code execution flaw in Android System, enabling a remote attacker to execute arbitrary code within the context of a privileged process.
  • CVE-2020-11264: Critical flaw affecting Qualcomm’s WLAN component, concerning the acceptance of non-EAPOL/WAPI frames from unauthorized peers received in the IPA exception path.
  • CVE-2020-11301: Critical flaw affecting Qualcomm’s WLAN component, concerning the acceptance of unencrypted (plaintext) frames on secure networks.

Critical but unexploited

None of the 41 flaws addressed this month have been reported to be under active exploitation in the wild, so there should be no working exploits for them circulating out there.

Older devices that are no longer supported with security updates now have an increased attack surface, as some of the vulnerabilities fixed this month are excellent candidates for threat actors to create working exploits in the future.

Remember, Android security patches aren’t bound to Android versions, and the above fixes concern all versions from Android 8.1 to Android 11. As such, the OS version isn’t a determining factor in whether or not your device is still supported.

If you have confirmed that your device has reached its EOL date, you should either install a third-party Android distribution that still delivers monthly security patches for your model, or replace it with a new one.

Android fans have been eagerly waiting for the release of version 12, which was rumored for October 4, 2021, but what they got instead was the source of Android 12 pushed to the Android Open Source Project.

This step means that the actual release is just around the corner, and OTA upgrade alerts could hit eligible devices, like the Pixel, very soon.
