🔴 Critical  |  Source: The Register — Security


Attackers were actively exploiting a critical vulnerability in Oracle E-Business Suite before public proof-of-concept exploit code was released, suggesting they reverse-engineered Oracle’s own patch to identify and weaponise the flaw. This technique, known as patch-diffing, allows sophisticated threat actors to gain a significant head start over defenders. The incident highlights the narrow and shrinking window organisations have to apply patches before they face active exploitation.

Security Architect’s Take: If Oracle E-Business Suite is in your environment — cloud-hosted or on-premises — treat this as a critical priority: apply Oracle’s patch immediately if not already done, audit access logs for anomalous activity predating the public disclosure, and review whether your EBS instances are unnecessarily internet-exposed. Consider implementing virtual patching via WAF rules as an interim control where immediate patching is not feasible.
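The log audit recommended above can be sketched as follows. This is an added example, not code from the article or from Oracle: it buckets external requests to EBS web paths by whether they arrived before the patch, in the gap between the patch and the public exploit code, or after it. The two dates, the `/OA_HTML/` path prefix, the internal ranges and the sample log lines are all assumptions or constructed placeholders to be replaced with your own values.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed placeholder dates, not from the article: use the real ones.
PATCH_RELEASED = datetime(2000, 1, 10, tzinfo=timezone.utc)
POC_PUBLISHED = datetime(2000, 1, 20, tzinfo=timezone.utc)
EBS_PREFIX = "/OA_HTML/"  # assumption: EBS web tier served under this path
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
# Common/combined access-log format: client, timestamp, request path.
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*"')

def window(ts):
    """Place a request relative to the patch and public-PoC dates."""
    if ts < PATCH_RELEASED:
        return "pre-patch"
    if ts < POC_PUBLISHED:
        return "patch-to-poc"  # patch public, exploit code not yet public
    return "post-poc"

def audit(lines):
    """Count external requests to EBS paths per (client, window)."""
    hits = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        client, stamp, path = m.groups()
        try:
            ip = ipaddress.ip_address(client)
            ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # hostname in client field or malformed timestamp
        if any(ip in net for net in INTERNAL) or not path.startswith(EBS_PREFIX):
            continue
        hits[(client, window(ts))] += 1
    return hits

# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    '203.0.113.7 - - [05/Jan/2000:03:14:07 +0000] "POST /OA_HTML/x HTTP/1.1" 200 512',
    '203.0.113.7 - - [14/Jan/2000:03:15:09 +0000] "POST /OA_HTML/x HTTP/1.1" 200 512',
    '10.1.2.3 - - [14/Jan/2000:09:00:00 +0000] "GET /OA_HTML/x HTTP/1.1" 200 1024',
    '198.51.100.23 - - [22/Jan/2000:11:00:00 +0000] "GET /OA_HTML/x HTTP/1.1" 404 0',
    '198.51.100.23 - - [14/Jan/2000:11:00:00 +0000] "GET /static/a.png HTTP/1.1" 200 0',
]
if __name__ == "__main__":
    for (client, win), n in sorted(audit(SAMPLE).items()):
        print(f"{client:15} {win:13} {n}")
```

Any external client appearing in the `pre-patch` or `patch-to-poc` rows is worth reviewing first, and any external hit at all shows the instance is reachable from outside the listed internal ranges.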

Original advisory: Oracle E-Business Suite was under attack via critical flaw before the public exploit code was even released