March 1, 2013
Another Day, Another Java Exploit
Michael Harper for redOrbit.com — Your Universe Online
Almost as if on schedule, it´s been discovered yet another Java zero-day exploit is being used to attack computers. This exploit not only follows an extensive line of exploits just like it, it also follows a month riddled with a number of high-profile attacks against Twitter accounts and popular tech companies.
In a report by FireEye (aptly titled “Yet Another Java Zero-Day”), security experts have said they´ve detected another vulnerability in Java that has never before been seen in the wild. The FireEye team specifically observed these attacks on machines with Java v1.6 Update 41 and Java v1.7 Update 15 installed.
In this attack, the vulnerability is used to install a remote access tool onto the machine known as McRAT. When these exploited users visit an infected Web site, McRAT jumps into action and takes over the machine.
“The exploit is not very reliable, as it tries to overwrite a big chunk of memory,” writes the FireEye team.
“As a result, in most cases, upon exploitation, we can still see the payload downloading, but it fails to execute and yields a JVM crash.”
In conclusion, the FireEye team writes, “This post was intended to serve as a warning to the general public. We have notified Oracle and will continue to work with Oracle on this in-the-wild discovery.
“Since this exploit affects the latest Java 6u41 and Java 7u15 versions, we urge users to disable Java in your browser until a patch has been released; alternatively, set your Java security settings to "High" and do not execute any unknown Java applets outside of your organization.”
It bears repeating: If you aren´t sure if you absolutely must have Java installed on your machine, then you probably don´t. Java has gotten so bad lately the Department of Homeland Security had to issue a statement urging Americans to disable it for fear it could be used as a tool for cyber espionage.
Java has become so bad, even those who take advantage of these vulnerabilities to exploit computers have begun hiding malicious code in false Java updates.
Java has become so bad in recent months, Apple has blacklisted old versions and will not run any version other than the most up-to-date.
However, as this latest exploit takes advantage of the latest version, even Macs may not be safe for another day or two.
For an explanation on how to disable Java, which you should do immediately, follow these handy instructions by Java themselves.