Oracle on Tuesday announced the release of 508 new security patches as part of the July 2023 CPU, including more than 75 patches that resolve critical-severity vulnerabilities.
More than 350 of the security patches address vulnerabilities that can be exploited remotely, without authentication. Some of these flaws impact multiple products, Oracle’s advisory reveals.
As part of this quarterly set of security updates, Financial Services received the largest number of patches, at 147. Of the resolved vulnerabilities, 115 can be exploited by remote, unauthenticated attackers with network access.
Oracle’s July 2023 CPU includes 77 security patches for Communications, with 57 of the flaws remotely exploitable without authentication.
Fusion Middleware received 60 security patches, including fixes for 40 remotely exploitable, unauthenticated bugs. Communications Applications (40 patches – 30 issues exploitable remotely without authentication), Analytics (32 – 23), and MySQL (24 – 11) received numerous fixes as well.
On Tuesday, Oracle also announced patches for Utilities Applications, Supply Chain, Retail Applications, Java SE, PeopleSoft, Siebel CRM, Commerce, Enterprise Manager, Construction and Engineering, E-Business Suite, JD Edwards, and over a dozen other products.
Successful exploitation of some of these vulnerabilities may lead to complete application or system compromise, Oracle says. Many of the updates also include additional third-party patches.
On Tuesday, Oracle also released the July 2023 Solaris bulletin, which includes 17 new security patches, including 11 for vulnerabilities that are remotely exploitable, without authentication. Two of the vulnerabilities are rated ‘critical severity’.
The tech giant also announced the release of 42 new security patches as part of its July 2023 Linux bulletin.
Customers are advised to apply the available patches in a timely manner, or to block network access to unpatched applications, to reduce the risk of an attack. Unpatched Oracle products are known to have been targeted in the wild.
“Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches,” the tech giant notes.
Related: Oracle Releases 433 New Security Patches With April 2023 CPU
Related: Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
Related: Oracle’s First Security Update for 2023 Includes 327 New Patches
More from Ionut Arghire
- Generative AI Startup Nexusflow Raises $10.6 Million
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
- Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers
- FBI Warns Organizations of Dual Ransomware, Wiper Attacks
- Lumu Raises $30 Million for Threat Detection and Response Platform
- Cisco Warns of IOS Software Zero-Day Exploitation Attempts
- Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits
Latest News
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- National Security Agency is Starting an Artificial Intelligence Security Center
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
