Hot Off the Web: New Java 0-Day Vulnerability

August 28, 2012 by  
Filed under Security News



The latest buzz on security and vulnerability these past few days revolves around Java, a software development platform originally created by Sun Microsystems and now owned by Oracle. Websites often embed Java programs, normally as applets (.jar), in order to “provide interactive features to web applications that cannot be provided by HTML alone”. Initial reports reveal that the exploit used to take advantage of the vulnerability found in Java 7 (version 1.7, updates 0 to 6) is an applet called applet.jar (note that names of malicious files can change in the future).

Our friends at FireEye first uncovered the new 0-day Java Runtime Environment (JRE) vulnerability being exploited in the wild. Online criminals leverage it to perform targeted attacks, regardless of which Internet browser is used or how up to date it is. “The number of these attacks has been relatively low, but it is likely to increase due to the fact that this is a fast and reliable exploit that can be used in drive-by attacks and all kinds of links in emails,” said Andre’ M. DiMino and Mila Parkour of DeepEnd Research in their blog entry. An official patch from Oracle is yet to be released; however, our friends at DeepEnd are distributing a temporary fix, courtesy of Michael Schier, to system administrators only and by request. This patch allows the execution of the exploit but stops the payload.

Once the vulnerability is successfully exploited, a binary is dropped on the compromised system. Based on initial reports, the binary is hi.exe (MD5: 4a55bf1448262bf71707eef7fc168f7d), which GFI VIPRE Antivirus already detects as Trojan.Win32.Generic!BT.

Although earlier releases of Java do not have this JRE vulnerability, security researchers advised against downgrading to versions 1.6 and below, as flaws inherent to those versions can still affect users. Instead, users are advised to disable Java in their browsers until an official patch is made available. The patch is expected in October, based on Oracle's triannual Java patch release schedule.
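For administrators triaging hosts against the two facts reported above (the affected range of Java 7 updates 0 to 6, and the MD5 of the dropped hi.exe), the following is an added example and not part of the original article. The function names `classify_java` and `find_dropped_binary` and the sample version strings are assumptions made for illustration.

```python
import hashlib
import re
from pathlib import Path

# MD5 of the dropped binary hi.exe, as reported in the article.
DROPPED_MD5 = "4a55bf1448262bf71707eef7fc168f7d"

# Legacy `java -version` format, e.g. 'java version "1.7.0_06"'.
_VERSION_RE = re.compile(r'version "1\.(\d+)\.(\d+)(?:_(\d+))?')


def classify_java(version_output: str) -> str:
    """Classify `java -version` output against the range named in the article."""
    m = _VERSION_RE.search(version_output)
    if not m:
        return "unknown"  # not the legacy 1.x format; needs manual review
    major, update = int(m.group(1)), int(m.group(3) or 0)
    if major == 7 and update <= 6:
        return "affected"  # Java 7, updates 0 to 6
    if major <= 6:
        # Lacks this flaw, but the article advises against running 1.6 and below.
        return "not-affected-legacy"
    return "outside-reported-range"


def find_dropped_binary(root: Path, target_md5: str = DROPPED_MD5) -> list:
    """Return files under root whose MD5 equals target_md5."""
    hits = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        digest = hashlib.md5()
        try:
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
        if digest.hexdigest() == target_md5.lower():
            hits.append(path)
    return hits


if __name__ == "__main__":
    # Constructed sample outputs, not captured from real hosts.
    for sample in ('java version "1.7.0_06"', 'java version "1.7.0"',
                   'java version "1.6.0_34"', 'java version "1.7.0_07"'):
        print(sample, "->", classify_java(sample))
    print(find_dropped_binary(Path(".")))
```

A hash match only covers the one sample reported so far; as the article notes, file names can change, and so can the payload itself.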

Stay safe!

Jovi Umawing @ (SOURCE)



13 Responses to “Hot Off the Web: New Java 0-Day Vulnerability”
  1. I want to know the reasons why you titled this particular post,
    “Hot Off the Web: New Java 0-Day Vulnerability | Virus Experts – We Make Your Digital Life Secured”.
    Anyway I personally admired it! Regards, Hubert

  2. You actually make it seem so easy along with your presentation however I find
    this matter to be actually something that I believe I would never understand.

    It sort of feels too complex and extremely vast for me.
    I am having a look forward to your next put
    up, I will try to get the grasp of it!

  3. Ericka says:

    Greetings I am so delighted I found your web site, I really
    found you by accident, while I was researching on Google for something else,
    Anyways I am here now and would just like to say cheers for an incredible post and an all-round interesting blog (I also love the theme/design), I don’t have time to
    look over it all at the minute but I have saved it and also
    added your RSS feeds, so when I have time I will be back to read more, Please
    do keep up the superb b.

  4. A person necessarily assist to make significantly
    articles I would state. This is the first time I
    frequented your website page and to this point? I surprised with the
    research you made to create this actual post amazing. Fantastic process!

  5. Hi there everyone, it’s my first visit at this website, and post is actually fruitful in favor of me, keep up posting such posts.

  6. I think the admin of this website is truly working hard in favor of his site,
    for the reason that here every stuff is quality based information.

  7. What I don’t understand is actually how you’re not really much more neatly-preferred
    than you may be now. You are very intelligent. You realize therefore significantly
    when it comes to this subject, produced me in my
    opinion imagine it from a lot of various angles.
    Its like women and men are not interested except it is one thing to accomplish with Woman gaga!

    Your own stuffs great. Always handle it up!

  8. Everything is very open with a really clear clarification of the challenges.
    It was definitely informative. Your website is very
    helpful. Many thanks for sharing!

  9. Excellent blog you have got here.. It’s difficult to find high-quality writing like yours these days. I really appreciate individuals like you! Take care!!

  10. The other day, while I was at work, my cousin stole my
    iPad and tested to see if it can survive a forty foot drop,
    just so she can be a youtube sensation. My apple ipad is now destroyed
    and she has 83 views. I know this is completely off topic but I had to share it with someone!

  11. Every weekend I used to pay a quick visit to this site,
    because I wish for enjoyment, as this web page contains truly pleasant funny
    stuff too.

  12. Brandie says:

    When someone writes an article he/she retains the thought of a user in his/her mind that how a
    user can be aware of it. Therefore that’s why this paragraph is outstanding.

  13. When people are sharing a good big laugh, they are in the moment of love, and truly in one with the higher Divine.
    You have probably heard of the great Law of Attraction before and how you attract into
    your life, people, circumstances and situations in proportion to the thoughts you entertain within your
    mind. If you are scoping the cause, and
    the vibration changes or disappears as speed is increased, you can eliminate
    RPM as the problem.
