Oracle has released this year's final batch of security updates, fixing many high-severity vulnerabilities across a range of products. In total, the batch addresses 402 issues, 230 of which address critical flaws.
In a follow-up advisory, the company said that many of the vulnerabilities were being exploited in the wild and urged its customers to deploy patches as soon as possible.
"In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches," the advisory reads.
"Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay."
You can find the full list of products affected by these vulnerabilities here, with notable mentions including Oracle Enterprise Manager, Big Data Spatial and Graph, MySQL Cluster, Enterprise Monitor, Server and Workbench.
According to Oracle, a handful of vulnerabilities can be exploited without extra privileges, including multiple in Oracle TimesTen In-Memory Database (CVE-2018-11058, CVE-2017-5645, CVE-2019-1010239 and CVE-2019-0201).
Those who are unable to deploy patches immediately are advised to implement workarounds in the meantime.
"Until you apply the Critical Patch Update patches, it may be possible to reduce the risk of successful attack by blocking network protocols required by an attack," Oracle suggested.