Serious Flaw Found in "PL/SQL Developer" Update System

Mihir :-)

Thread author
Allround Automations has released a new version of its PL/SQL Developer product to address a security flaw that allows man-in-the-middle (MitM) attackers to serve malicious files and execute arbitrary commands.

PL/SQL Developer is an Integrated Development Environment designed for developing stored program units for Oracle databases. The tool checks for updates every time it’s started and if an update is available, a file is downloaded from a specified URL and installed.

Application security consultant Adam Caudill discovered that version 11.0.4 (and likely earlier versions) uses HTTP when fetching updates and it does not validate the downloaded file’s authenticity.

Read More: Serious Flaw Found in "PL/SQL Developer" Update System | SecurityWeek.Com
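The two gaps the article describes, plain-HTTP transport and no authenticity check on the downloaded file, are what an updater's verification step has to close. The following is an added example, not code from the article or from Allround Automations: a stdlib-only RSA PKCS#1 v1.5 / SHA-256 check using a constructed, insecure demo key. The function names and the `example.invalid` URL are assumptions.

```python
import hashlib
from urllib.parse import urlsplit

# DER prefix of the SHA-256 DigestInfo structure (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed demo key built from two Mersenne primes so the example runs
# offline. It is NOT secure; a real updater embeds only the vendor's (N, E).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
K = (N.bit_length() + 7) // 8  # modulus length in bytes


def _encode(data: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(data), returned as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(data).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def demo_sign(data: bytes) -> int:
    """Vendor side (hypothetical build server): sign with the private exponent."""
    d = pow(E, -1, (P - 1) * (Q - 1))
    return pow(_encode(data), d, N)


def verify_update(url: str, payload: bytes, signature: int) -> bool:
    """Client side: accept an update only over HTTPS and with a valid signature."""
    if urlsplit(url).scheme != "https":
        return False  # plain HTTP can be rewritten in transit
    if not 0 < signature < N:
        return False
    # Re-encode and compare whole blocks instead of parsing recovered padding.
    return pow(signature, E, N) == _encode(payload)


if __name__ == "__main__":
    installer = b"constructed installer bytes"  # constructed sample payload
    sig = demo_sign(installer)
    url = "https://updates.example.invalid/setup.exe"  # placeholder URL
    print("genuine :", verify_update(url, installer, sig))
    print("tampered:", verify_update(url, installer + b"!", sig))
    print("http    :", verify_update(url.replace("https", "http", 1), installer, sig))
```

The signature check is what protects the file itself: HTTPS alone covers only the transport, so a compromised mirror or cache would still be trusted without it.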
 
