Oracle fixes 127 vulnerabilities in its products
Posted on 16 October 2013.
The story here is that Oracle has synced up their Java patching with the rest of their patching cycle and, when it comes to vulnerabilities, Java always steals the show.

The CPU includes fixes for 127 vulnerabilities in Oracle products, but aside from Java, it's mostly ho-hum, low impact stuff. There's a CVSS 8.5 vulnerability in MySQL's Enterprise Service manager, but besides the Java patches, nothing else jumps out as particularly interesting.

The Java patches include 51 of the 127 addressed issues. Of the 51 issues, 21 are CVSS scores of 9 or higher, meaning they would allow an attacker to gain control of the system in the context of the running user with limited complexity to exploit.

The vast majority of these issues affect the Java browser plugin and users, first and foremost, are advised to keep up-to-date with patches. Secondly, users should take advantage of all the signing and execution restrictions offered by the latest plugin versions.

Ideally, users will disable Java plugins unless it is specifically needed and then run it only in a browser which you only use for those one or two sites that require the plugin. Otherwise, run Java in the most restricted mode and only allow signed applets from whitelisted sites to run.

Author: Ross Barrett, Senior Manager, Security Engineering, Rapid7.


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Mon, Sep 1st