Oracle on Tuesday announced 441 new security patches as part of its April 2024 Critical Patch Update. More than 200 of them address flaws that can be exploited by remote, unauthenticated attackers.
SecurityWeek has identified roughly 230 unique CVEs in Oracle’s April 2024 CPU. More than 30 security patches address critical-severity vulnerabilities.
Oracle Communications received the largest number of security patches this month, at 93. Of these, 71 address bugs that are remotely exploitable, without authentication.
Next in line are Fusion Middleware (51 security patches – 35 addressing remotely exploitable, unauthenticated issues), Financial Services Applications (49 – 30), and E-Business Suite (47 – 43).
Numerous patches were also released for MySQL (36 patches – 9 for vulnerabilities exploitable remotely, without authentication), Systems (22 – 16), Communications Applications (14 – 10), Java SE (13 – 10), Virtualization (13 – 1), Analytics (12 – 5), Enterprise Manager (11 – 7), PeopleSoft (10 – 5), and Retail Applications (10 – 9).
Other Oracle products that received security patches this month include Database Server, Commerce, Construction and Engineering, Insurance Applications, Supply Chain, Support Tools, Food and Beverage Applications, HealthCare Applications, Utilities Applications, Hyperion, Hospitality Applications, Health Sciences Applications, Autonomous Health Framework, Big Data Spatial and Graph, Global Lifecycle Management, and GoldenGate.
The patches for some of these applications address additional security defects as well and some of them resolve multiple non-exploitable flaws. Oracle has released separate fixes for vulnerabilities that impact multiple applications.
Oracle customers are advised to apply the patches as soon as possible.
“It has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay,” the tech giant notes.
On Tuesday, Oracle also announced the release of 13 new security patches for third-party components in the Solaris operating system, 71 new patches for Oracle Linux, and 3 new security patches for the Oracle VM Server for x86.
Related: Oracle Patches 200 Vulnerabilities With January 2024 CPU
Related: Oracle Patches 185 Vulnerabilities With October 2023 CPU
Related: Oracle Releases 508 New Security Patches With July 2023 CPU
