- dotTech - http://dottech.org -

Yet another new zero-day Java vulnerability is found, and this one is being exploited in-the-wild

2013-03-02_025932 [1]

Do you still have Java installed? Then you probably want to know that yet another zero-day Java vulnerability is found, and unlike the two vulnerabilities discovered earlier this week by Security Explorations [2], this vulnerability is being exploited in-the-wild effectively making it a new zero-day attack aimed at Java users.

According to security firm FireEye, this particular attack attempts to override Java security measures by “overriding a bug chunk of memory”. If successful, Trojan known as McRat is installed on the target computer which allowed backdoor-access to scumbags. ArsTechnica points out that the exploit is “triggered when people with a vulnerable version of the Java browser plugin visit a website that has been booby-trapped with attack code”, seemingly indicating this is a drive-by attack and not one that requires users to run a specific Java applet. Fortunately this is not a “very reliable” reliable attack due to how it attempts to override such a large amount of memory, meaning often it fails to download McRat or, when downloaded, fails to execute it. However, it does work sometimes.

This particular attack is known to affect Java 6u41 and Java 7u15, the latest versions for Java 6 and 7. It has been confirmed by Kaspersky to not work with older versions of Java, including older versions of Java 6 and 7.

It is not known if this particular Java vulnerability is on Windows only or on Linux and Mac OS X, too. However, McRat is a Windows Trojan so the in-the-wild attacks are specifically targeting Windows users.

Oracle has yet to respond or patch this.

So. Are you ready to uninstall [3] or disable [4] Java yet?

[via ArsTechnica [5], FireEye [6]]