DUBLIN and ATLANTA — Waratek, the compiler-based application security company, has issued guidance on Oracle’s latest Critical Patch Update (CPU) for April 2018, which addresses 254 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
This Critical Patch Update patches 15 Java-related vulnerabilities, including one flaw identified by Waratek. The number of Java SE patches in the Q2 CPU dropped by one-third, from 21 to 14, but the percentage of flaws that can be exploited without authentication remains the same as in Q1: 86%. The highest CVSS score among the Java SE vulnerabilities is 8.3.
“The April CPU arrives during the largest gathering of security experts in the world – the annual RSA Conference – and reinforces a recurring theme during discussions at the event: unpatched software flaws represent the single largest cybersecurity threat today,” said Waratek Founder and Chief Technology Officer John Matthew Holt.
“The volume and velocity of patches and the length of time it takes to patch enterprise applications make it next to impossible to fix flaws fast enough to significantly reduce the risk of being exploited by a known flaw,” added Holt. “True virtual patching – when code bugs are replaced in real time while the app runs with patches that mirror a physical binary – is the fastest and most accurate way to close the gap between when vulnerabilities are announced and attacks begin.”
Waratek will publish functionally equivalent virtual patches based on the CPU, which customers can apply without source code changes and without taking a vulnerable application out of production.
Other highlights of the release include:
About Waratek
Waratek is a pioneer in the next generation of application security solutions. Using patented technology, Waratek makes it easy for security teams to instantly patch known flaws, virtually upgrade out-of-support applications, and protect 100% of their application code – all without time-consuming and expensive code changes or unacceptable performance overhead.
Waratek is one of CSO Online’s Best Security Software solutions of 2017, a winner of the RSA Innovation Sandbox Award, and the recipient of more than a dozen other awards and recognitions.
Waratek is based in Dublin, Ireland and Atlanta, Georgia. For more information visit https://www.waratek.com/