Oracle Fixes 35 Major Security Flaws

Oracle's first-ever monthly security update addresses 35 vulnerabilities, including 11 rated 'critical', with some exploits already available in the wild.

Oracle has initiated a new monthly security patching schedule, moving away from its traditional quarterly updates for the most urgent threats. The first release in this new cycle, the Critical Security Patch Update (CSPU), addresses a total of 35 vulnerabilities across its product portfolio. The company has classified 11 of these flaws as 'critical,' with an additional 18 rated 'high' and six as 'medium.' Significantly, exploit code for some of these vulnerabilities is already publicly available, which dramatically increases the risk for organizations that have not yet applied the patches.

This update is particularly important for organizations using widely deployed Oracle products, including Oracle REST Data Services and the E-Business Suite. The presence of public exploits means that attackers have a clear roadmap to compromise vulnerable systems, making immediate patching a top priority for IT and security administrators. This shift to a monthly cycle for critical patches reflects a broader industry trend towards faster response times to security threats, requiring system administrators to adapt their own patching cadences to keep pace.