Interns Hacked Oracle Software in under an Hour, Researcher Says

Multiple vulnerabilities inherent in Oracle’s software were hacked by interns working at a security researcher’s cybersecurity firm, notes Alexander Polyakov, founder of ERPScan Research.

Oracle, much like all big software manufacturers deals with sealing security holes and vulnerabilities by issuing patches for its widely used software. Most recently, the software and solutions giant released a total of 154 new security patches for its software. The E-Business Suite counts among Oracle’s most prominent, widely-used and popular software, for which 12 patches were issued.

As it turned out, six of those twelve patches contained bugs that were quickly discovered by interns working at ERPScan Research, in under an hour.

Some vulnerabilities are so significant and critical that they could potentially allow an attacker to gain control of the apps, according to founder Polyakov, speaking to Business Insider.

Oracle Has a History with White Hat Hackers

It was only last August when Oracle’s Chief Security Officer, Mary Ann Davidson was found facing much criticism after a blog post (now deleted) wherein she did not prefer Oracle’s customers or independent security researchers to look for or even report bugs found in Oracle’s software. She contended, at the time, that the company was plenty capable in finding and fixing the security holes on its own.

A significant backlash followed and the blog post was taken down by Oracle soon after it went viral, with the company distancing itself from Davidson’s comments. The company also added that her views weren’t shared and “didn’t reflect” the company, despite her being responsible for the security policies and infrastructure of the company’s products and services.

Oracle’s Chief Technology Officer and Executive Chairman Larry Ellison gave a recent interview wherein he gently touched on possible security solutions in the company’s plans for the future.

Among the many ways in making its software more secure, Oracle, he said, is looking at implementing security technology built right into the hardware or the chip. He says that the security feature will be switched on, by default and will have no way of turning it off once it is being used.

Regardless, the wider security industry will remain vigilant in looking for bugs and vulnerabilities to protect users all around the world. Even more-so, it is quite simply the right thing to do.