Java Under Attack Again, Disable Now

  /     /     /  
Publicated : 22/11/2024   Category : security


Java Under Attack Again, Disable Now


Java zero-day vulnerability is under attack by at least four active campaigns. Oracle has yet to respond. Heres what to do.



Who Is Hacking U.S. Banks? 8 Facts (click image for larger view and for slideshow)
Security experts have a message for all businesses: Disable Java now, and keep it disabled.
Thats their advice message after the discovery Thursday of
yet another zero-day Java vulnerability
, as well as a number of attacks that are already exploiting the flaw to run arbitrary code on PCs.
It looks like this exploit is being used in at least four different active exploit kits -- Blackhole, Cool Exploit Kit, Nuclear Pack and Redkit, said research engineer Nick Randolph, whos part of the Sourcefire Vulnerability Research Team (VRT), in a
blog post
. Source code has popped up on pastebin as well, and the VRT has been able to compile it and confirm that it is functional. An exploit module has also been developed for the open source
Metasploit
penetration testing toolkit.
The Java zero-day vulnerability, dubbed CVE-2013-0422, allows remote attackers to execute arbitrary code via unknown vectors, possibly related to permissions of certain Java classes, according to the National Vulnerability Database. The flaw affects all versions of Java 7, including Oracle Java 7 Update 10, which is the most recent version. With some estimates suggesting that
34% of all PCs
currently run a version of Java 7, the zero-day vulnerability may now be present on over 400 million systems.
Attackers have been rushing to exploit the vulnerability, which in the past 24 hours has become one of the most-seen exploits by antivirus software. Java exploit is trending: our generic detection Exploit:Java/Majava.C already in TOP10 for the past 24 hours (with 2 other Java detections), said Timo Hirvonen, an anti-malware analyst at antivirus vendor F-Secure, in a Friday
Twitter post
. Earlier this week, a security researcher who goes by the moniker
@Kafeine
-- and whos
detailed some of the current attacks
that exploit the vulnerability -- reported seeing hundreds of thousands of hits on just a single website that was hosting the exploit.
Those attacks are just the beginning. We anticipate that ... this will be very wildly exploited in the field in the coming days via a variety of different vectors, said Sourcefires Randolph.
With that in mind, whats the
quickest way to disable Java
? On systems running recent versions of Java, the
Java control panel
can be used to immediately disable the plug-in for all installed browsers.
Technology giant Oracle, which maintains Java, has yet to issue an official response regarding the latest zero-day Java flaw, which suggests that a fix wont be immediately forthcoming. Unless they have previous intelligence regarding this vulnerability, a patch will likely be at least days in the making, said Randolph. Anyone who can continue to do their job with Java disabled in their browser is strongly encouraged to do so immediately, as thats the only way to ensure complete safety against this attack or others like it -- which, based on the history of Java 0-days over the last 12 months, are likely to happen at some point within the not-too-distant future.
Indeed, this is far from the first time that security experts have sounded warnings over Java. Last year, the discovery of a
zero-day flaw in Java 7
affecting Windows, OS X, and Linux led also led to calls that Java should be immediately disabled in all browsers.
Some companies have been pursuing stronger measures. Last year, after attackers reverse-engineered a Windows Java vulnerability to create the
Flashback malware
, which successfully infected over 600,000 Macs, Apple updated recent versions of OS X to disable Java, if not used for more than 35 days. In October, meanwhile, Apple got tougher, issuing an update that
excised Java
from all Apple browsers. To run Java, users would need to download the software from Oracle.
Taking a page from Adobes approach to Flash -- which previously enjoyed the attentions of zero-day attackers who recently have been embracing Java flaws -- Oracle last year finally released an
automatic updater for Java
. As a result, Java security fixes can be pushed directly to users when ready.
But with Java users facing yet another zero-day threat, might more businesses now ban the plug-in, which has already put an unknown number of Java users at risk? While researchers reported discovering the bug on Jan. 10, it was apparently being used by attackers to exploit systems beginning at least several weeks before then. We first observed the new Java 0-day on Dec 17th, very low rates until the morning of Jan 9th when detection rate surged, said Costin Raiu, a senior security researcher at Kaspersky Lab,
via Twitter
.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Java Under Attack Again, Disable Now