A security researcher has reported that Oracle’s most recent quarterly cumulative patch update, released on Tuesday, leaves some flaws exploitable.
David Litchfield, a security research with Next Generation Security Software Ltd., was in the process of auditing the CPU when this story was posted.
Litchfield on Wednesday evening posted to BugTraq a message saying that the patch is still lacking.
“Having downloaded and given the Oracle October patch a cursory examination, some of the flaws Oracle told me were being fixed, remain exploitable,” he wrote. “Once again the patch is not sufficient. I will conduct a full investigation of the patch over the coming few days and post some recommendations once complete.”
The October CPU, a set of 23 patches, is intended to close 85 security vulnerabilities in Oracle databases, servers and enterprise applications.