Java Zero-Day exploit.

It appears that the flaw allows the Blackhole exploit kit to target the Java system using a Pre.jar file that lets it install malware, in this case a banking [FONT=inherit !important][FONT=inherit !important]Trojan[/FONT][/FONT], onto users machines through a variety of methods.

"This morning we started getting the first indication of a large scale attack. So far we have observed over a dozen domains actively attacking systems with this exploit, and the count is increasing rapidly," reads Fireeye's blog post.

The Inquirer (Java zero day flaw puts millions of users at risk - The Inquirer)

I didn't see the post here, thought I should make a thread for ya'll.

Fraking Java. Always a thorn in my side. $:\$

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

amcnow

Sad thing is Oracle just released Java SE7 Update 6 a couple of weeks ago. I wonder whether or not the vulnerability was introduced with this update.

Roguetadhg

Make that: Two Zero day exploits...

"However, this time around, people with the latest version of Java were the ones most open to attack."

Second Java zero-day exploit uncovered | Macworld

"The bugs are in Java 7 and affect Windows, Mac OS X and Linux operating systems running a Web browser with a Java plugin enabled. The flaws were introduced with the release the platform in July 28, 2011, Guillardoy said in his analysis."

crrussell3

I have already disabled Java use for Internet zones here at work. We unfortunately still require it for L.O.B. applications, so leaving it for Intranet/Trusted Zones will have to do.

Tackle

Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security page > Internet Zone > Java Permissions. It’s counterintuitive, but you ENABLE the setting to make it apply, then choose DISABLE JAVA as the policy. Duplicate this setting in the Locked-Down Internet Zone as well.

Incase anyone was wondering.

boredgamelad

I was off yesterday and spent all day in bed with a migraine, so I wasn't aware of this. I was quite surprised to see a script pushed out to my machine as soon as I logged in this morning.

UNINSTALLING JAVA 7, DO NOT CLOSE

Then I saw the e-mail. Needless to say I was just a bit confused for a minute there.

amcnow

Roguetadhg wrote: »

Make that: Two Zero day exploits...

"However, this time around, people with the latest version of Java were the ones most open to attack."

Second Java zero-day exploit uncovered | Macworld

"The bugs are in Java 7 and affect Windows, Mac OS X and Linux operating systems running a Web browser with a Java plugin enabled. The flaws were introduced with the release the platform in July 28, 2011, Guillardoy said in his analysis."

At least Oracle finally acknowledged the first zero-day exploit...

Now, let's see how long it takes them to fix these flaws.

Roguetadhg

where at? i'm on Oracle's site.

cyberguypr

Patch has been released: Alert for CVE-2012-4681

Roguetadhg

Alright.. Well. Thread Revival:

Another critical Java vulnerability puts 1 billion users at risk | Computerworld Blogs

Can I get an alternative for Java?

paul78

Roguetadhg wrote: »

Can I get an alternative for Java?

Is that a rhetorical question?

This vulnerability appears to impact Oracle's implementation of the Java VM. There are actually other providers of Java VM's. Most of the other Java VM's are licensee's of Sun/Oracle but may not contain the vulnerabilities. But compatibility to the reference VM implementation from Sun/Oracle may be spotty and ill-supported

A decent list of other Java VM providers here - List of Java virtual machines - Wikipedia, the free encyclopedia