Oracle protects software products with 334 security updates
With its quarterly security updates, Oracle is once again securing its own software portfolio.
(Image: Tatiana Popova/Shutterstock.com)
Oracle's Critical Patch Update for October is here. The software manufacturer releases security patches on a quarterly basis. The developers have closed dangerous vulnerabilities in Banking Cash Management, E-Business Suite and VM VirtualBox, among others.
Admins should study the extensive list of affected software to find the patches they need and install them quickly. The list does not contain any specific references to attacks that are already underway. Nevertheless, admins should act quickly. They should also ensure that the patches from previous quarterly updates are installed. The majority of the gaps were discovered by external security researchers and reported to Oracle.
Far-reaching effects
Critical vulnerabilities include Commerce Guided Search (CVE-2022-46337), Communications Unified Assurance (CVE-2024-45492) and Outside In Technology (CVE-2024-21216). At these points, remote attackers can execute malicious code without authentication, among other things. Oracle is not currently specifying how this could work in detail.
Videos by heise
Many vulnerabilities are classified with the threat level "high". In some of these cases, malicious code can also get onto systems and compromise computers. Applications Manager, Banking Cash Management and Communications Cloud Native Core Policy are affected.
Outlook for further updates
Oracle has scheduled the next Critical Patch Update for January 21, 2025. In the meantime, however, the software manufacturer may also release emergency updates if required by ongoing attacks, for example.
(des)
