
Java Zero-Day Added to Blackhole Exploit Kit and Metasploit

The zero-day in Java that SecurityWeek reported on Monday has gotten worse, as it can be targeted from within the Blackhole Exploit Kit and Metasploit. While this means good guys can use Metasploit as a means to proactive protection, the bad guys now have a way to automate victim collection.

To recap, security researchers from FireEye discovered the Java problem late last week, and after testing confirmed that it was a zero-day flaw. Systems running Windows, Mac OS X, or Linux, with JRE 1.7 Update 0 through 6 installed for Firefox, Safari, or Internet Explorer (and Chrome on XP), are vulnerable.

“As a user, you should take this problem seriously, because there is currently no patch from Oracle. For now, our recommendation is to completely disable Java until a fix is available,” Rapid 7 said in a blog post.

Security teams wishing to test Rapid 7’s findings can download Metasploit, where a module has been released. Rapid 7 customers with Metasploit Pro can update their installations for the latest modules, as can existing Metasploit users.

As mentioned, there is no patch for the issue from Oracle. At the earliest, Oracle may release one as a bug fix, but that is two months away (October 16). It’s extremely rare that Oracle would issue an out-of-cycle patch, and there is no expectation that they will make an exception for this latest issue.

With that said, users are advised to remove Java from their systems, unless there is an urgent need for it. For the typical home user, Java isn’t a requirement for day-to-day browsing, but it is often installed and left unpatched, making it the easiest way for an attacker to compromise a given system.

When it comes to business usage, Java remains locked in a love-hate relationship. Legacy applications sometimes require the software, meaning IT teams have to remain vigilant and patch every four months as needed. Yet vulnerabilities with no patches leave them exposed. In cases like this, the only option (other than to stop using Java) is to limit the access Java has to the outside. This could mean installing Java in a secondary browser and using that browser only for Java-based applications, or filtering all outbound traffic from the client. Neither option is pretty.
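The first step in either mitigation is knowing which machines actually carry an affected runtime. The script below is an added example, not code from SecurityWeek, Rapid7 or FireEye: it parses the banner that `java -version` prints and reports whether the version falls in the range the article gives as affected (JRE 1.7 Update 0 through Update 6). The banner strings in `SAMPLE_OUTPUTS` are constructed for illustration; `assess_local_java()` runs the real binary if one is on the PATH.

```python
"""Classify a Java Runtime by the version banner from `java -version`.

Added example (not from the article or the vendors it quotes). Affected range
is taken from the article: JRE 1.7 Update 0 through Update 6, inclusive.
"""
import re
import shutil
import subprocess

# Matches banners such as:  java version "1.7.0_06"   or   java version "1.7.0"
VERSION_RE = re.compile(r'java version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?"')

AFFECTED = "affected"
NOT_AFFECTED = "not-in-affected-range"
NO_JAVA = "no-java"


def parse_java_version(banner):
    """Return (major, minor, patch, update) parsed from a `java -version` banner,
    or None if no recognisable version line is present. A missing "_NN" update
    suffix is treated as update 0 (e.g. "1.7.0" is Update 0)."""
    match = VERSION_RE.search(banner)
    if match is None:
        return None
    major, minor, patch, update = match.groups()
    return (int(major), int(minor), int(patch), int(update or 0))


def is_affected(version):
    """True when the version is JRE 1.7 Update 0..6, the range the article names."""
    if version is None:
        return False
    major, minor, _patch, update = version
    return major == 1 and minor == 7 and 0 <= update <= 6


def assess(banner):
    """Map a banner string to one of AFFECTED, NOT_AFFECTED or NO_JAVA."""
    version = parse_java_version(banner)
    if version is None:
        return NO_JAVA
    return AFFECTED if is_affected(version) else NOT_AFFECTED


def assess_local_java():
    """Run the java binary on PATH (if any) and classify it. `java -version`
    writes its banner to stderr, so both streams are inspected."""
    exe = shutil.which("java")
    if exe is None:
        return NO_JAVA
    proc = subprocess.run([exe, "-version"], capture_output=True, text=True)
    return assess(proc.stderr + proc.stdout)


# Constructed sample banners (not captured from real systems).
SAMPLE_OUTPUTS = {
    "seven-u06": 'java version "1.7.0_06"\nJava(TM) SE Runtime Environment (build 1.7.0_06-b24)\n',
    "seven-u00": 'java version "1.7.0"\nJava(TM) SE Runtime Environment (build 1.7.0-b147)\n',
    "seven-u07": 'java version "1.7.0_07"\nJava(TM) SE Runtime Environment (build 1.7.0_07-b10)\n',
    "six-u33": 'java version "1.6.0_33"\nJava(TM) SE Runtime Environment (build 1.6.0_33-b03)\n',
    "none": "bash: java: command not found\n",
}

if __name__ == "__main__":
    for name, banner in SAMPLE_OUTPUTS.items():
        print(f"{name:10s} -> {assess(banner)}")
    print(f"{'local':10s} -> {assess_local_java()}")
```

On a fleet, the banner can be collected by any inventory tool and fed to `assess()`; hosts reported as affected are the ones where the plug-in should be disabled or confined to the secondary browser the article describes.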

Targeted attacks using the latest Java flaw are expanding slowly, but with its inclusion in the Blackhole Exploit Kit, that will change. Already, less than 24 hours after it was included in the crime kit, more than a dozen domains are using the new flaw to attack systems. Even worse, this flaw isn’t even a primary method of attack. It’s a backup.

“So far we have observed over a dozen domains actively attacking systems with this exploit, and the count is increasing rapidly…Almost all of the domains are hosting multiple exploits. If nothing else works, the new Java zero-day kicks in and all of a sudden the machine is compromised,” FireEye researcher Atif Mushtaq wrote in an update to his original blog post on the vulnerability.

“It’s very disappointing that Oracle hasn’t come forward and announced a date for an emergency update patch. Once again I strongly recommend if it is not critical, uninstall the JRE plug-in from your browser.” 

Additional information and mitigation details can be found here
