Java zero-day exploit seen in malicious advertising

updated 04:29 pm EST, Thu January 10, 2013

Vulnerability found in Java 7 Update 10

A previously unknown vulnerability in Java is being exploited online by hackers, according to security researchers. The zero-day exploit has also reportedly been included in two malware toolkits used by hackers. Until the hole is patched, the best form of protection is to turn off the Java plug-in in all browsers.

The US Computer Emergency Readiness Team has noted that the vulnerability in Java 7 Update 10 could be used by a remote attacker to "execute arbitrary code on a vulnerable system" using a "specially crafted HTML document," according to The Next Web.

French security researcher Kafeine, the first to find the flaw, saw that the exploit was being used on a major site, potentially affecting "hundreds of thousands" of visitors per day. Kafeine also saw that it had been incorporated into the BlackHole Exploit Kit and the Cool Exploit Kit, both of which are used to spread malware onto other machines.

Kurt Baumgartner, a security expert for Kaspersky, claims that the exploit is already being used in advertisements on a wide range of sites, from news and weather services to adult sites.

By Electronista Staff

  1. daqman

    Junior Member

    Joined: 09-15-00

    All very well but...

    This sounds like a nasty vulnerability but all of the sites I've looked at (like CERT) show screenshots, paths and other information that is Windows specific. Yes, I know Java runs on various platforms but it just isn't clear if the exploiters of the vulnerability are targeting Windows only or OSX also. Anyone have information?

    For some of us turning Java off is not an option since we have in-house Java code used on a daily basis.

  2. dechamp

    Fresh-Faced Recruit

    Joined: 01-12-10

    Turning off java is an option

    Oracle says it will patch the exploit on Tuesday. Who cares if it only affects certain OS's or just some machines? Oracle needs to research and improve Java anyway, and this will get them off their butts. I can certainly wait for safe programs, but then I spend almost all my time cleaning up the latest versions of the FBI Scam, and the latest fake Anti-Virus scams. My clients don't need the grief and can wait a couple of days.

    These sloppy 3rd party plugins like Adobe Flash and Oracle Java will have to get better or get gone.
