Oracle issues 78 vulnerability patches
Combined with Microsoft and Adobe patches, Oracle has made IT departments' lives a little harder this month.


Oracle today released patches for 78 flaws in its software, covering the majority of its products.
A total of 16 are categorised as critical, meaning they could be exploited for remote code execution.
"Most of their products, including the acquisitioned PeopleSoft, JD Edwards, Weblogic and the recent Sun/MySQL lines, are affected by this update," advised Wolfgang Kandek, CTO of security company Qualys.
"Only PeopleSoft and the virtualisation products are not affected by this critical rating - everybody else should pay close attention to the release.
"One notable exception is the Java programming language as it is updated on a separate schedule and had its last release in December 2011."
You can find the full list of affected products here.
Oracle's list of patches makes for a busy January for IT departments, following Adobe and Microsoft announcements from earlier this month.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Microsoft, which usually keeps January quiet for patching, issued seven security bulletins covering eight vulnerabilities. One of those covered the BEAST SSL flaw highlighted by researchers last year.
Researchers found a way to exploit a long-known flaw in TLS (Transport Layer Security) that could have undermined the security credentials of the SSL cryptographic protocol and affected millions of sites. However, little emerged from the discovery and the Redmond giant now has Windows users' backs covered.
Adobe, meanwhile, addressed critical flaws in Reader and Acrobat on the same day (10 January).
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.
-
How to implement a four-day week in tech
In-depth More companies are switching to a four-day week as they look to balance employee well-being with productivity
-
Intelligence sharing: The boost for businesses
In-depth Intelligence sharing with peers is essential if critical sectors are to be protected
-
Scania admits leak of data after extortion attempt
News Hacker stole 34,000 files from a third-party managed website, trucking company says
-
CISA issues warning in wake of Oracle cloud credentials leak
News The security agency has published guidance for enterprises at risk
-
Oracle breach claims spark war of words with security researchers
News A war of words has erupted between Oracle and cybersecurity researchers following claims the company suffered a security breach.
-
The big book of selling data protection
Whitepaper Agile risk management starts with a common language
-
Detection is not enough: Exposed assets require rapid mitigation to reduce and eliminate risk
Whitepaper Agile risk management starts with a common language
-
Modern enterprise cybersecurity
whitepaper Cultivating resilience with reduced detection and response times
-
IDC InfoBrief: How CIOs can achieve the promised benefits of sustainability
whitepaper CIOs are facing two conflicting strategic imperatives
-
“By this time next year, Oracle employees won't be using passwords” — Larry Ellison wants a biometric future in cybersecurity
News The Oracle CTO hit out at passwords, calling them insecure and easy to steal