Yet another new zero-day Java vulnerability is found, and this one is being exploited in-the-wild

March 2, 2013

Do you still have Java installed? Then you probably want to know that yet another zero-day Java vulnerability has been found. Unlike the two vulnerabilities discovered earlier this week by Security Explorations, this one is being exploited in the wild, effectively making it a new zero-day attack aimed at Java users.

According to security firm FireEye, this particular attack attempts to override Java security measures by “overriding a big chunk of memory”. If successful, a Trojan known as McRat is installed on the target computer, which allows backdoor access to scumbags. ArsTechnica points out that the exploit is “triggered when people with a vulnerable version of the Java browser plugin visit a website that has been booby-trapped with attack code”, seemingly indicating this is a drive-by attack and not one that requires users to run a specific Java applet. Fortunately this is not a “very reliable” attack because of how it attempts to overwrite such a large amount of memory, meaning it often fails to download McRat or, when downloaded, fails to execute it. However, it does work sometimes.

This particular attack is known to affect Java 6u41 and Java 7u15, the latest versions for Java 6 and 7. It has been confirmed by Kaspersky to not work with older versions of Java, including older versions of Java 6 and 7.

It is not known whether this particular Java vulnerability affects Windows only or Linux and Mac OS X, too. However, McRat is a Windows Trojan, so the in-the-wild attacks are specifically targeting Windows users.

Oracle has yet to respond or patch this.

So. Are you ready to uninstall or disable Java yet?

[via ArsTechnica, FireEye]

11 Comments »

  1. J.L. March 2, 2013 at 2:27 AM

    I’ll stick to my trusty security setup in case Java is ever needed, but Oracle really needs to step it up.

  2. J.L. March 2, 2013 at 2:29 AM

    By needed, I meant online. A few of my programs require Java, and my classes include Java development. Ashraf, whatever happened to the edit function?

  3. Ashraf March 2, 2013 at 3:37 AM
    Mr. Boss

    [@J.L.] Disabled until I can get it fixed. Sorry about the inconvenience.

  4. AFPhy6 March 2, 2013 at 10:23 AM

    Disabled for nearly all internet sites. Will not uninstall – it is too valuable.

  5. Janet March 2, 2013 at 1:29 PM

    I’m surprised anyone would still be using Java online these days…..

  6. haakon March 2, 2013 at 2:31 PM

    (Now and again) will start disabling Java, yes. Only activated before I need it. I don’t think it’s “too bad” tho. No worries unless you visit websites, more specifically, “infected” sites.
    I only need Java when I connect to the online Norwegian bank system.

  7. JMJ March 2, 2013 at 7:33 PM

    [@haakon] A lot of banking/financial websites in the USA also require it.

  8. JMJ March 2, 2013 at 7:38 PM

    [@Ashraf] While you’re fixing the “edit” button, please, could you refer to *DragonBall Z* and also install a *Muffin Button*?

  9. sl0j0n March 2, 2013 at 11:12 PM

    Hello, all.
    I noticed that some of you think you need Java for “banking/financial websites”.
    *IF* you actually do ‘need’ it, then install it fresh each time, and immediately *UNinstall* it afterwards.
    Although, personally, I would notify the ah, ‘offending’ website’s ‘webmaster’ that ‘requiring’ Java damages *their* ‘reputation’,
    because of the inherent insecurity of Java.
    Also, personally, I don’t *need* to do *anything* “banking/financial”-wise online.
    Call me an old fuddy-duddy, but the internet *ain’t* a ‘safe’ place to do *anything*!
    There are more ‘nasties’ online than ever b4, & this ain’t the time to be shortchanging your ‘security’.

    Have a GREAT day, neighbors!

  10. DoktorThomas March 3, 2013 at 5:05 AM

    [@sl0j0n] Just don’t use your new Java install for more than 23 seconds–the average time it takes to get attacked once online. Only a lazy fool would bank online–not that banks are recommended for any purpose.

  11. Coyote March 5, 2013 at 9:49 AM

    [@DoktorThomas] I would love to see some statistics on how many people get hacked vs robbed at ATMs/banks.
