Oracle Patches 3-Year-Old Java Deserialization Flaw in April Update
April 18, 2019 / Sean Michael Kerner
Oracle released its latest quarterly Critical Patch Update on April 17, fixing 297 vulnerabilities spread across its software portfolio. The vulnerabilities patched in the update vary in severity, with 53 of the flaws receiving a Common Vulnerability Scoring System (CVSS) score of 9.0 or higher, denoting the most critical issues.

Not all of the vulnerabilities in the patch set are entirely new, either: one is a 3-year-old flaw in a Java library that is only now making its way into patches for the affected products.

The need to patch flaws both old and new is one that Oracle and security experts alike regularly emphasize. "Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes," Oracle stated in its advisory. "In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches."