Printed from http://www.electronista.com

Java zero-day exploit seen in malicious advertising

updated 04:29 pm EST, Thu January 10, 2013

Vulnerability found in Java 7 Update 10

A previously unknown vulnerability in Java is being exploited online by hackers, according to security researchers. The 0-day exploit has also reportedly been included in two malware toolkits, and the best protection for now is to turn off the Java plug-in in all browsers until the hole is patched.

The US Computer Emergency Readiness Team has noted that the vulnerability in Java 7 Update 10 could be used by a remote attacker to "execute arbitrary code on a vulnerable system" using a "specially crafted HTML document," according to The Next Web.

French security researcher Kafeine, the first to find the flaw, saw that the exploit was being used on a major site, potentially affecting "hundreds of thousands" of visitors per day. Kafeine also saw that it has been incorporated into the BlackHole Exploit Kit and the Cool Exploit Kit, both used to spread malware onto other machines.

Kurt Baumgartner, a security expert for Kaspersky, claims that the exploit is already being used in advertisements on a wide range of sites, from news and weather services to adult sites.



By Electronista Staff

Comments

  1. daqman

    Junior Member

    Joined: 09-15-00

    All very well but...

    This sounds like a nasty vulnerability but all of the sites I've looked at (like CERT) show screenshots, paths and other information that is Windows specific. Yes, I know Java runs on various platforms but it just isn't clear if the exploiters of the vulnerability are targeting Windows only or OSX also. Anyone have information?

    For some of us turning Java off is not an option since we have in-house Java code used on a daily basis.

  2. dechamp

    Fresh-Faced Recruit

    Joined: 01-12-10

    Turning off java is an option

    Oracle says it will patch the exploit on Tuesday. Who cares if it only affects certain OS's or just some machines? Oracle needs to research and improve Java anyway, and this will get them off their butts. I can certainly wait for safe programs, but then I spend almost all my time cleaning up the latest versions of the FBI Scam, and the latest fake Anti-Virus scams. My clients don't need the grief and can wait a couple of days.

    These sloppy 3rd party plugins like Adobe Flash and Oracle Java will have to get better or get gone.
