Oracle fixes 127 vulnerabilities in its products
Posted on 16 October 2013.
The story here is that Oracle has synced up their Java patching with the rest of their patching cycle and, when it comes to vulnerabilities, Java always steals the show.

The CPU includes fixes for 127 vulnerabilities in Oracle products, but aside from Java, it's mostly ho-hum, low impact stuff. There's a CVSS 8.5 vulnerability in MySQL's Enterprise Service manager, but besides the Java patches, nothing else jumps out as particularly interesting.

The Java patches account for 51 of the 127 addressed issues. Of those 51, 21 have CVSS scores of 9 or higher, meaning they would allow an attacker to gain control of the system in the context of the running user with limited complexity to exploit.

The vast majority of these issues affect the Java browser plugin and users, first and foremost, are advised to keep up-to-date with patches. Secondly, users should take advantage of all the signing and execution restrictions offered by the latest plugin versions.

Ideally, users will disable the Java plugin unless it is specifically needed, and then run it only in a browser reserved for the one or two sites that require it. Otherwise, run Java in the most restricted mode and only allow signed applets from whitelisted sites to run.
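On a managed fleet, the "signed applets from whitelisted sites only" advice can be enforced centrally with a Java Deployment Rule Set (available from Java 7u40). The file below is an added example, not part of the original post; the host name, applet title and certificate hash are placeholders.

```xml
<!-- ruleset.xml: added example of a Java Deployment Rule Set (Java 7u40+).
     It is packaged as DeploymentRuleSet.jar, signed with a certificate the
     client JRE trusts, and placed in the JRE's system deployment directory.
     Host name, title and certificate hash below are placeholders. -->
<ruleset version="1.0+">

  <!-- Allow-list: the one internal application that still needs the plugin.
       The rule matches only if the applet is signed by the named certificate;
       an unsigned or differently signed applet at this URL does not match
       here and falls through to the default block rule below. -->
  <rule>
    <id title="Legacy payroll applet" location="https://payroll.intranet.example">
      <certificate algorithm="SHA-256"
                   hash="PLACEHOLDER-SHA256-HEX-OF-SIGNER-CERT" />
    </id>
    <action permission="run" />
  </rule>

  <!-- Default rule: an <id/> with no location matches every other applet.
       Blocking here turns "disable Java unless needed" into policy instead
       of relying on each user's security-slider setting. -->
  <rule>
    <id />
    <action permission="block">
      <message>Java applets are blocked by policy outside approved sites.</message>
    </action>
  </rule>

</ruleset>
```

Rules are evaluated in document order and the first match wins, so the catch-all block rule must stay last. The signed jar is read from /etc/.java/deployment/DeploymentRuleSet.jar on Linux and C:\Windows\Sun\Java\Deployment\DeploymentRuleSet.jar on Windows.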

Author: Ross Barrett, Senior Manager, Security Engineering, Rapid7.
