Oracle has taken a substantial step in fortifying its software by releasing 387 new security patches as part of the October 2023 Critical Patch Update (CPU). These patches are designed to address 185 vulnerabilities found in both Oracle’s proprietary code and third-party components.
Notably, over 40 of these patches target critical-severity flaws, and more than 200 tackle bugs that have the potential to be remotely exploited without authentication. The vulnerabilities are diverse and span multiple Oracle products, with the Financial Services Applications product receiving the highest number of patches at 103, 49 of which address remotely exploitable issues.
Following closely, Oracle Communications received 91 security patches, with 60 targeting unauthenticated, remotely exploitable problems. Additional patches were released for various Oracle products, such as Fusion Middleware, MySQL, Analytics, Retail Applications, Database Server, and many more.
Oracle also published the October 2023 Oracle Linux Bulletin, including 61 security patches, and announced the release of 14 new security patches for Oracle Solaris, addressing 12 remotely exploitable, unauthenticated flaws. The release highlights the critical need for Oracle customers to promptly apply these security patches to safeguard their systems against potential malicious attacks, as Oracle periodically receives reports of attacks exploiting vulnerabilities for which patches already exist.
Oracle strongly recommends its customers to apply these Critical Patch Update security patches as soon as possible to mitigate the threat of successful attacks due to unpatched vulnerabilities.