Disable Java! Recent 0-day exploit is included in exploit kits
Posted on 11 January 2013.
The Java zero-day that has recently been spotted being exploited in the wild has turned into big, big news as a number of popular exploit kits have been fitted with the exploit for it and there's still no news from Oracle on when we could expect a fix.

As shared by AlienVault's Head of Labs Jaime Blasco and confirmed by other security researchers, the exploit for the zero-day bypassing certain security checks tricking the permissions of certain Java classes as was the occurrence with the CVE-2012-4681 Java flaw discovered in August 2012.

"Similar to previous bugs, it enables you to run Java code outside the sandbox, so the thing about that is that its not dependent on OS or platform. It will run the same exact code on Mac OS X, Windows or Linux," Metasploit creator HD Moore explained for ThreatPost. "The exploits going around are targeting Windows, but more than likely, well see attacks for Mac like we did with the Flashback stuff last year."

It is known that the exploit is very effective and affects the latest Java version (1.7 Update 10), but there's no news about whether it works on version 1.6 - still rather popular with users. Trend Micro researchers say the exploit is being used to spread ransomware.

Everyone - including US-CERT - is advising users to disable Java until Oracle releases a patch.

"Weve been telling folks to disable Java 10 times a year for the past couple of years now," commented Moore. "Its really to the point where you should be telling people to keep it disabled all the time."

A Metasploit module for the exploit in question is in the works.

Update: Monday, 14 January 2013 - Oracle patches critical 0-day with new Java update.


101,000 US taxpayers affected by automated attack on IRS app

The IRS has revealed more details about an attack it suffered last month, mounted by unknown individuals with the aim to file fraudulent tax returns and funnel the returned money to their own bank accounts.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.