Friday, April 12, 2024

Oracle Scrambles to Contain 0-Day Disclosure Snafu

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

ZDNet: Four years ago, security researcher Joxean Koret notified Oracle about a security vulnerability in its database software. Koret thought that Oracle patched the problem in its latest security release, so he published the details about the vulnerability that he had found and encouraged users to apply the patch.

The only problem–Oracle hadn’t actually fixed the bug.

As a result, hackers now know details about a vulnerability which, according to Oracle, “is remotely exploitable without authentication, and if successfully exploited, can result in a full compromise of the targeted Database.” Oracle still doesn’t have a patch for the vulnerability, but it has published a workaround, which enterprises are encouraged to use to maintain the security of their Oracle databases.

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

Get the Free Newsletter!

Subscribe to Data Insider for top news, trends & analysis

Latest Articles