Thursday, January 10, 2013

Java 7: 0-day Actively Exploited In The Wild

I received an email from BeyondTrust about this exploit... the content is as below:

January 10, 2013 
There is a 0day vulnerability (identified flaw, with no patch available) being actively exploited across the Internet in Java. This 0day has already been incorporated into Cool Exploit Kit and Blackhole, in addition to Nuclear Pack and Redkit. Proof of concept code is already publicly available and we expect to see fully functioning exploit code incorporated into even more exploit frameworks within the next few days.

What does this mean to you?

  • This vulnerability affects Java 7 versions up to and including the current version of Java, 7u10
  • Even if you're only running Java 6, users will be forced to automatically upgrade to version 7 in February of this year. This means further exposure to this vulnerability.

What you can do now to avoid being exploited

  • Disable Java entirely
  • If you don't need Java, remove it from the system entirely
  • Lower and manage desktop privileges with solutions like PowerBroker for Windows
  • Scan and detect this vulnerability with Retina Network

As always, we want our customers and users to be prepared for these types of exploits. We've posted a comprehensive writeup about this 0day and how to mitigate your risk.


Learn More About the Java 7 0day

Regards,
BeyondTrust Research Team



Looking at the link, I was a bit worried since it did not point to the BeyondTrust website. I Googled around and found many more discussions about this... (search for "Java 7 0day exploit" via Google)...



Some of the sites that talk about it:

  1. http://thenextweb.com/insider/2013/01/10/new-java-vulnerability-is-being-exploited-in-the-wild-disabling-java-is-currently-your-only-option/
  2. http://www.theregister.co.uk/2013/01/10/java_0day/
  3. http://www.networkworld.com/news/2013/011013-java-zero-day-vulnerability-actively-exploited-265723.html
  4. http://www.nsaneforums.com/topic/154515-critical-java-0-day-being-massively-exploited-in-the-wild/
  5. http://blog.beyondtrust.com/java-0day-exploit-oracle-urges-people-to-run-into-burning-building


However, till today (09 January 2013), I've yet to see this appear on OSVDB, OWASP, or any other vulnerability database or advisory sites such as Microsoft, Symantec, Kaspersky, IBM, and Homeland Security... I wonder why? It might be because I missed it or searched wrongly, or somehow it is yet to be available on these sites.
