New Java Zero Day Surfaces, Exploit Already Added to Popular Crimeware Toolkits

New Java Vulnerability Being “Massively Exploited” in the Wild

Another Java zero-day security flaw is actively being targeted in the wild, and exploits are already in use across some of the most popular crimeware toolkits.

If you haven’t disabled Java yet, there is no better time than now.

The vulnerability exists in all versions of Java 7, and AlienVault Labs researchers were able to reproduce the exploit on a system running the fully patched and up-to-date Java 7 Update 10, Jaime Blasco, the labs manager at AlienVault, wrote on the company blog on Jan. 10. The latest bug resembles the earlier Java zero-day (CVE-2012-4681) that was uncovered in August, Blasco said.

While Oracle took the rare step of releasing an out-of-band patch for that zero-day bug a few days after the flaw was identified, there is at this time no word of a fix or mitigation controls from the company. Users should immediately disable the Java plugin (version 1.7) in their browser (or, if they have already done so, leave it disabled for the time being).

“Java 7 Update 10 and earlier Java 7 versions contain an unspecified remote-code-execution vulnerability,” the Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT) warned in its Vulnerability Note.

The Java file was “highly obfuscated” and the current exploit in the wild can bypass security checks, Blasco wrote in his analysis. By tricking a user into visiting a specially crafted HTML document, either a website or even a booby-trapped email attachment, a remote attacker may be able to execute arbitrary code, US-CERT warned.

If a user visits a malicious site exploiting this vulnerability, the attacker can “virtually own your computer,” Blasco said.

Java exploits are exceptionally dangerous because they tend to be cross-platform attacks. The exact same code can run on Mac OS X, Windows, and Linux. Kafeine, the French researcher who alerted AlienVault to the vulnerability and the exploit, described the situation as “mayhem.”

It’s not clear how many sites may already be serving this exploit or how many users have been compromised, although Kafeine said the site on which he found the infection had “hundreds of thousands of hits daily.” The security hole is “massively exploited in the wild,” wrote Kafeine, as several crimeware toolkits, including Blackhole, Cool Exploit, and NuclearKit, are already using the exploit.

Blackhole’s creator bragged on underground forums about the new Java exploit, calling it a “New Year’s Gift” for customers, wrote security writer Brian Krebs on Krebs on Security.

Oracle shipped Java 7 Update 10 last month with a built-in disabling feature that allows users to turn off Java content in the browser through the Java Control Panel applet. US-CERT and the SANS Institute recommended using the feature. Otherwise, users can disable the entire Java plugin in their browsers outright.

Users are “strongly advised to put Java down and keep it that way until things get sorted out,” Bogdan Botezatu, senior e-threat analyst at BitDefender wrote on the Hot for Security blog. They should also make sure to not click on “any spammy links, regardless of how appealing they might look like in the following days,” Botezatu said.

It seems that only version 1.7 of the Java plugin is being targeted at this time.

Exploit writers are increasingly targeting Java, as the installed base is quite large. In many cases, users may have installed Java once, and then never updated it again because they forgot about it.

This Java zero-day is a reminder for administrators to think about the policy of “least privilege,” Marc Maiffret, CTO of BeyondTrust, told SecurityWeek. Considering the “constant stream” of client application vulnerabilities, “one of the best things an organization can do to limit their impact is to properly manage user account privileges across an organization,” Maiffret said.
