Oracle issues mega batch of security patches

Oracle customers will have access to another large collection of security updates from today in order to plug critical holes in the IT giant's product offerings.

The January 2014 Critical Patch Update (CPU) contains 144 new security vulnerability fixes, with some 46 products with hundreds of components listed as affected.

They range from Oracle Databases 11gR1, 11gR2, 12cR1 to the company's Fusion Middleware, iPlanet Web Server, Peoplesoft, Siebel, and VM Virtualbox software.

As for Oracle's Java programming framework - which has been targeted by malware writers over the past few years due to numerous security issues - today's patch batch contains no fewer than 36 fixes. Of these, 34 can be exploited by attackers.

Earlier this month, hundreds of thousands of visitors to the Yahoo.com website were at risk of having their computers infected from malicious adverts.

The adverts redirected to sites hosting the Magnitude exploit kit that takes advantage of Java browser plug in vulnerabilities in order to install malware such Zeus, Andromeda, Dorkbot and more.

Source: Kaspersky Labs

Java is the most popular attack vector for malware writers, according to security firm Kaspersky. The security vendor analysed data from 60 million of its users between 2011 and 2013, and found Java exploits rose significantly, despite a decline in others such as PDF and Flash exploits.

Oracle recommended customers apply the CPU fixes as soon as possible due to the threat posed by successful attacks.