Oracle has issued 65 fixes for a wide range of software products as part of its quarterly security release, called the Critical Patch Update.The patches, released Tuesday, address problems in the company’s database, application server and e-business suite products, among others, according to Darius Wiles, manager of Oracle Security Alerts. More information on the patches can be found here.Some of the patches are also designed for client software that works with Oracle’s databases, he said. “There are 23 fixes for vulnerabilities that affect database servers and another four that apply to clients.”Included in the patches are fixes for an exploit that had been made public on the Bugtraq mailing list back in April, as well as a fix for a bug that Oracle had inadvertently disclosed on (and then quickly removed from) its own Metalink support service. The Bugtraq exploit can be found here. Oracle has released 10 fixes for its Application Server and 20 fixes for its E-Business Suite, Wiles said.Many of the vulnerabilities relate to a proprietary networking protocol used by Oracle’s database, called Oracle Net. This protocol has come under increased scrutiny over the past year, according to Amichai Shulman, chief technology officer with Imperva. “No one has explored these options up until now,” Shulman said. “Once people dive into these obscure protocols, they are sure to find many vulnerabilities.”Often network vulnerabilities can be the most dangerous, he said, “because you don’t need any database credentials in order to exploit them.”Oracle’s next critical patch update is scheduled for Oct. 17.— Robert McMillan, IDG News Service (San Francisco Bureau)Related Link:Oracle CSO Lambastes Faulty CodingKeep checking in at our Security Feed page for updated news coverage. Related content feature Key findings from the CISA 2022 Top Routinely Exploited Vulnerabilities report CISA’s recommendations for vendors, developers, and end-users promote a more secure software ecosystem. By Chris Hughes Sep 21, 2023 8 mins Zero Trust Threat and Vulnerability Management Security Practices news Insider risks are getting increasingly costly The cost of cybersecurity threats caused by organization insiders rose over the course of 2023, according to a new report from the Ponemon Institute and DTEX Systems. By Jon Gold Sep 20, 2023 3 mins Budget Data and Information Security news US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks Cyber insurance claims frequency increased by 12% in the first half of 2023 while claims severity increased by 42% with an average loss amount of more than $115,000. By Michael Hill Sep 20, 2023 3 mins Insurance Industry Risk Management news Intel Trust Authority attestation services now in general availability Formerly known as Project Amber, Intel’s attestation services support confidential computing deployments. By Michael Nadeau Sep 20, 2023 3 mins Zero Trust Security Hardware Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe