Oracle issues critical patch fix

Oracle has released a critical patch update to fix more than 30 security vulnerabilities in a range of products, including its Database, Application Server, Enterprise Manager and Collaboration Suite software.

The release includes a new Default Password Scanner utility to help users secure Oracle-provided default database schema accounts that have default passwords. It updates the password-checking utility released in January.

But the company warned, “The Oracle Default Password Scanner does not replace the essential security guidelines described in the Database Security Checklist, nor does it lessen the importance of appropriately securing all database and application accounts.”

The quarterly update follows critical out-of-cycle security patches issued in February and March. After Oracle’s scheduled January patch release, the company came under fire from analyst firm Gartner, which warned that Oracle databases were in danger of losing their reputation for security.

Earlier this month, Oracle inadvertently alerted hackers to a bug in its Server platform, accidentally publishing  information that could be used to exploit it. The information has since been withdrawn.