A computer security expert has uncovered a flaw in the Oracle Database that could let hackers remotely access sensitive information in corporate and government databases via the Internet.
It allows an attacker without a user ID and password to take complete control. All firewalls become irrelevant. This is revealed at the Black Hat hacking conference in Washington.
Oracle has been warned of the problem in November, hoping that the company would fix the flaw when it issued a group of quarterly security patches in January. But Oracle failed to do so.
The researcher believes about nine out of every 10 Oracle databases are vulnerable to attack. It was impossible to say whether any hackers had actually exploited the flaw to illegally break into a database. [via]