January 13, 2013, 4:41 PM
Java Zero Day Attack

Java Under Attack

A Java zero-day vulnerability is under attack by at least four active campaigns. Oracle has yet to respond. What to do?

Security experts have a message for all businesses: Disable Java now, and keep it disabled.
An exploit for a previously unknown and currently unpatched vulnerability in Java is being used by cyber-criminals to infect computers with malware, according to security researchers.
An independent malware researcher who uses the online moniker Kafeine reported the existence of the exploit "in the wild" -- being actively used in attacks -- on his blog this week.
Attackers are using such exploits to silently install malware on the computers of users who visit compromised websites, in what are known as drive-by download attacks.
The Java zero-day vulnerability, dubbed CVE-2013-0422, "allows remote attackers to execute arbitrary code via unknown vectors, possibly related to 'permissions of certain Java classes,'" according to the National Vulnerability Database.
The flaw affects all versions of Java 7, including Oracle Java 7 Update 10, which is the most recent version. With some estimates suggesting that 34% of all PCs currently run a version of Java 7, the zero-day vulnerability may now be present on over 400 million systems.
With that in mind, what's the quickest way to disable Java? On systems running recent versions of Java, the Java control panel can be used to immediately disable the plug-in for all installed browsers.
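To confirm that the control panel setting actually took effect on a machine, the following added example (not part of the original article) classifies a host from its `java -version` line and its per-user `deployment.properties` file. It assumes the checkbox is stored as `deployment.webjava.enabled` (Oracle's deployment configuration property, not named in the article), that a missing key means the plug-in is enabled, and that Java 7 up to Update 10 is affected, as stated above; the sample file contents are constructed.

```python
import re

# Property behind the Java Control Panel checkbox "Enable Java content in the
# browser". The name comes from Oracle's deployment configuration docs, not
# from the article (assumption of this example).
WEBJAVA_KEY = "deployment.webjava.enabled"

# Constructed sample of a per-user deployment.properties file.
SAMPLE_PROPS = r"""#deployment.properties
#Sun Jan 13 16:41:00 2013
deployment.version=7.0
deployment.webjava.enabled = false
deployment.user.cachedir=C\:\\Users\\alice\\cache
"""

def parse_properties(text):
    """Parse the subset of the .properties format used by deployment.properties."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        m = re.match(r"((?:\\.|[^=:\s\\])+)\s*[=:\s]\s*(.*)", line)
        if m:  # undo backslash escapes such as "\:" in keys and values
            key, value = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            props[key] = value
    return props

def browser_java_enabled(props):
    """Assumption: a missing key means the plug-in is still enabled."""
    return props.get(WEBJAVA_KEY, "true").strip().lower() != "false"

def affected_by_cve_2013_0422(version_line):
    """True for Java 7 up to Update 10, the range the article names."""
    m = re.search(r'"1\.7\.0(?:_(\d+))?', version_line)
    return bool(m) and int(m.group(1) or 0) <= 10

def triage(version_line, props_text):
    """Classify one host from `java -version` output and its properties file."""
    if not affected_by_cve_2013_0422(version_line):
        return "not-listed"
    if browser_java_enabled(parse_properties(props_text)):
        return "exposed"
    return "mitigated"

if __name__ == "__main__":
    print(triage('java version "1.7.0_10"', SAMPLE_PROPS))
```

A result of `not-listed` only means the version is outside the range this article names, not that the host is safe.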
Technology giant Oracle, which maintains Java, has yet to issue an official response regarding the latest zero-day Java flaw, which suggests that a fix won't be immediately forthcoming.
Indeed, this is far from the first time that security experts have sounded warnings over Java. Last year, the discovery of a zero-day flaw in Java 7 affecting Windows, OS X, and Linux also led to calls that Java should be immediately disabled in all browsers.
Some companies have been pursuing stronger measures. In October, Apple issued an update that excised Java from all Apple browsers. To run Java, users would need to download the software from Oracle.
"We first observed the new Java 0-day on Dec 17th, very low rates until the morning of Jan 9th when detection rate surged," said Costin Raiu, a senior security researcher at Kaspersky Lab.
"The 0-day attack code that was spotted in the wild today is yet another instance of Java security vulnerabilities that stem from insecure implementation of the Java Reflection API," said Adam Gowdiak, the founder of Security Explorations, a Polish security company that specializes in Java vulnerability research.

What is a Zero-day attack?
A zero-day exploit is one that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known. There are zero days between the time the vulnerability is discovered and the first attack.
Category: TECH NEWS | Added by: arsh | Tags: zero day threat, disable java, java zero day attack, java flaws