Oracle has released several updates to patch 270 vulnerabilities in Java, VirtualBox, MySQL and other software. Some of the vulnerabilities allowed an attacker to take full control over the computer.
A lot of the vulnerabilities are in software targeted at enterprises. But also for software used by regular internet users, such as Virtualbox and Java Standard Edition (SE), updates to fix vulnerabilities were released. The updates also patch vulnerabilities in software embedded in many end-user devices such as Java SE embedded (found in e.g. all Blu-ray players, some Ebook readers and even cars).
Java SE (versions 6u131, 7u121 and 8u112), notorious for being exploited by cybercriminals, saw 17 vulnerabilities fixed. Of those 16 could be exploited remotely. MySQL, used by many, many websites saw 27 vulnerabilities fixed and for VirtualBox, Oracle released 4 fixes.
The applications with the most fixes are E-Business Suite (121) and Financial Services (37), both for enterprise usage.
The company urges users to update as soon as possible to be protected against attacks exploiting these vulnerabilities. The company writes, "Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay."
Java updates can be downloaded from Java.com or through the automatic update function. A full overview of all vulnerable products and updates can be found on Oracle.com.
