Adobe, Oracle Plug over 60 Security Vulnerabilities in Updates
Microsoft wasn't the only company to issue security patches April 13. Oracle and Adobe Systems pushed out updates to their products as well.
Oracle plugged 47 security holes in a massive update, the company's second of the year. Sixteen of the Oracle vulnerabilities are tied to the Oracle Solaris (formerly under Sun Microsystems) product suite. Eight of those 16 are remotely exploitable without user authentication.
Oracle also fixed eight bugs in its E-Business Suite portfolio, seven database vulnerabilities and one flaw in the Oracle Collaboration Suite, and issued five security fixes for Oracle Fusion Middleware. In addition, the update included patches for four bugs in Oracle PeopleSoft and JD Edwards EnterpriseOne Suite and six fixes for vulnerabilities in the Oracle Industry Applications Suite.
Adobe, meanwhile, fixed 15 vulnerabilities in Adobe Reader and Acrobat and went forward with its plans for its new updater technology. The feature, explained Adobe Director of Product Security and Privacy Brad Arkin, will help protect users by ensuring they are running the most current versions of Adobe software.
"Most users who ever encountered a security problem using Adobe products were attacked via a known vulnerability that was patched in more recent versions of the software," he blogged. "The new updater technology was designed to address part of this problem."
With the new updater, Windows users will be able to set Adobe Reader and Acrobat to automatically download updates without any user interaction. Qualys CTO Wolfgang Kandek said the feature should help slash the half-life (the time it takes to cut the occurrence of a vulnerability by half) for many users.
"The overall half-life for Adobe Reader is slightly over 60 days, compared to just under 30 days for all software, and under 15 days for core operating system software," he said. "The silent updater will have a positive effect on updates for Adobe. We see much better update performance on Adobe Reader v9 than for the mix of v9/8 and v7 and attribute that to the existing updater in v9. I would expect the silent updater to further increase this gap."