On July 17, Oracle released a sizeable security update fixing 87 vulnerabilities spanning a number of products, including 24 for the Oracle Sun product suite.
The most critical of the vulnerabilities impacts the Oracle JRockit Java Virtual Machine (CVE-2012-3135), and has a base score of 10.0—the highest possible rating. From an exploitation standpoint, a 10.0 score is a “perfect storm,” explained Rapid7 Security Researcher Marcus Carey, because it can be accessed remotely, has low complexity and can result in a complete compromise of the vulnerable software.
Besides the two dozen bugs tied to the Sun product suite, the update includes 22 security fixes for Oracle Fusion Middleware; a security fix for Oracle Hyperion; nine for Oracle PeopleSoft products; seven for Oracle Siebel CRM; one for Oracle Industry Applications; six for MySQL; four for the Oracle E-Business Suite; one for Oracle Enterprise Manager Grid Control; five for the Oracle Supply Chain product suite; four for the Oracle Database Server; a fix for Oracle Application Express Listener; and two for Oracle Secure Backup Apache Component.