For the first time in years there is a new “0-day” exploit for Oracle databases (this one). I can’t find where this was originally posted, but it seems that whoever discovered this vulnerability didn’t notify Oracle┬áthat this bug existed before the exploit was in the wild.

Let me be very clear about this: security researchers generally do a great job, but a bug that is this severe shouldn’t be released before the vendor has a chance to create a patch. Kudos for Oracle for releasing an update this soon!