Oracle pushes out huge security update

Database outfit Oracle has pushed out a record number of patches in a security update.

Included in the patch are critical fixes for Java SE and the Oracle Sun Systems Products Suite.

All up, this means that the update contains nearly 170 new security vulnerability fixes, including 36 for Oracle Fusion Middleware. Twenty-eight of these may be remotely exploitable without authentication, meaning they can possibly be exploited over a network without the need for a username and password.

The worst of the bugs are in Java SE, Fujitsu M10-1, M10-4 and M10-4S. In the case of Java SE, a CVSS Base Score of 10.0 was reported for four distinct client-only vulnerabilities.

Writing in the company blog, Oracle said that out of these 19 Java vulnerabilities, 15 affect client-only installations, two affect client and server installations, and two affect JSSE installations.

The blog says that the lower number of Oracle Java SE fixes reflects the results of Oracle’s strategy for addressing security bugs affecting Java clients and improving security development practices in the Java development organization.

While that might be true, the ton of patches in the rest of the software suggests that while Java is being closely watched, other bits are not.

In the case of the Oracle Sun Systems Products Suite, CVE-2013-4784 has a CVSS rating of 10.0 and affects XCP Firmware versions prior to XCP 2232. Overall, there are 29 security fixes for the suite.

The update also includes eight new security fixes for Oracle Database Server, none of which are remotely exploitable without authentication. Oracle MySQL has nine security fixes.

There are also: 10 fixes for Oracle Enterprise Manager Grid Control; 10 for Oracle E-Business Suite; six for the Oracle Supply Chain Products Suite; seven security fixes for Oracle PeopleSoft products; 17 for Oracle Siebel CRM; one for Oracle JD Edwards Products; two for Oracle iLearning; two for Oracle Communications Applications; one for Oracle Retail Applications; one for Oracle Health Sciences Applications and 11 new security fixes for Oracle Virtualisation.

Apple botches iOS8 update

Not satisfied with releasing an expensive phone which bends if you stick it in your pocket, Apple has botched an update to its brand new iOS 8 operating system.

The Tame Apple Press praised Apple for releasing an “update” to the iOS 8 platform so early, but this was itself a cover for the fact that iOS 8 was really broken. It was also packed with U2, which was too smug to be deleted.

However, the update itself was flawed: within an hour and a half of it going live, Apple is said to have pulled it. It turned out that the software geniuses at Apple had created an update which introduced more problems.

How serious were the bugs? Well, Twitter is full of people who can’t get a signal following the update, with their iPhones stuck in searching-for-service mode, or getting the “No signal” message.

Others are seeing problems with the Touch ID fingerprint reader after applying the 8.0.1 update. The problem appears to be confined to the iPhone 6 and iPhone 6 Plus.

An Apple spokesperson said “We have received reports of an issue with the iOS 8.0.1 update. We are actively investigating these reports and will provide information as quickly as we can. In the meantime we have pulled back the iOS 8.0.1 update.”

An unofficial fix for this problem involves rolling back to iOS 8.0. Our fix is to flog your iPhone on eBay before it is widely condemned as a lemon, buy a phone which does not bend for half the price, and then take yourself on holiday somewhere nice with the leftover money.