Yet another new zero-day Java vulnerability has been found, and this one is being exploited in the wild

2013-03-02_025932

Do you still have Java installed? Then you probably want to know that yet another zero-day Java vulnerability has been found. Unlike the two vulnerabilities discovered earlier this week by Security Explorations, this one is being exploited in the wild, effectively making it a new zero-day attack aimed at Java users.

According to security firm FireEye, this particular attack attempts to override Java security measures by “overriding a big chunk of memory”. If successful, a Trojan known as McRat is installed on the target computer, which allows backdoor access to scumbags. ArsTechnica points out that the exploit is “triggered when people with a vulnerable version of the Java browser plugin visit a website that has been booby-trapped with attack code”, seemingly indicating this is a drive-by attack and not one that requires users to run a specific Java applet. Fortunately, this is not a “very reliable” attack because of how it attempts to overwrite such a large amount of memory, meaning it often fails to download McRat or, when downloaded, fails to execute it. However, it does work sometimes.

This particular attack is known to affect Java 6u41 and Java 7u15, the latest versions for Java 6 and 7. It has been confirmed by Kaspersky to not work with older versions of Java, including older versions of Java 6 and 7.

It is not known if this particular Java vulnerability affects Windows only or Linux and Mac OS X, too. However, McRat is a Windows Trojan, so the in-the-wild attacks are specifically targeting Windows users.

Oracle has yet to respond or patch this.

So. Are you ready to uninstall or disable Java yet?

[via ArsTechnica, FireEye]

11 comments

  1. DoktorThomas

    [@sl0j0n] Just don’t use your new Java install for more than 23 seconds–the average time it takes to get attacked once online. Only a lazy fool would bank online–not that banks are recommended for any purpose.

  2. sl0j0n

    Hello, all.
    I noticed that some of you think you need Java for “banking/financial websites”.
    *IF* you actually do ‘need’ it, then install it fresh each time, and immediately *UNinstall* it afterwards.
    Although, personally, I would notify the ah, ‘offending’ website’s ‘webmaster’ that ‘requiring’ Java damages *their* ‘reputation’,
    because of the inherent insecurity of Java.
    Also, personally, I don’t *need* to do *anything* “banking/financial”-wise online.
    Call me an old fuddy-duddy, but the internet *ain’t* a ‘safe’ place to do *anything*!
    There are more ‘nasties’ online than ever b4, & this ain’t the time to be shortchanging your ‘security’.

    Have a GREAT day, neighbors!

  3. haakon

    (Now and again) I will start to disable Java, yes. Only activated before I need it. I don’t think it’s “too bad” tho. No worries unless you visit websites, more specifically, “infected” sites.
    I only need Java when I connect to the online Norwegian bank system.