0-day Java exploit in the wild [Beware]
Security researchers from FireEye have reported that a new zero-day Java vulnerability is currently being exploited in the wild. Most of the recent Java runtime environments, i.e. JRE 1.7x, are vulnerable. From my own research, I've come to know that this exploit only works on Java 1.7 and later. However, downgrading Java is not a good solution, as the older version may have bugs and other vulnerabilities.
Initially, researchers discovered this exploit hosted on a domain named ok.XXX4.net. Currently this domain resolves to an IP address in China.
A successful exploit attempt results in a dropper (Dropper.MsPMs) being installed on the infected system. The dropper executable is located on the same server. (#-Link-Snipped-#)
The Dropper.MsPMs connects to the C&C domain hello.icon.pk, which currently resolves to the IP address 223.25.233.244, located in Singapore.
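As an added defender-side example (not code from the original post or from FireEye), the script below scans proxy log lines for the indicators quoted above, the C&C domain hello.icon.pk and its IP 223.25.233.244, and reports which internal hosts contacted them. The log format and the sample lines are constructed assumptions; the exploit host ok.XXX4.net is redacted in the post, so it is not included.

```python
import re

# Indicators quoted in the post. The exploit host (ok.XXX4.net) is redacted
# there, so only the C&C domain and its IP are listed.
CNC_DOMAINS = {"hello.icon.pk"}
CNC_IPS = {"223.25.233.244"}

# Constructed sample proxy log: timestamp, client IP, method, destination.
# Not real traffic; built here only to exercise the matcher.
SAMPLE_LOG = """\
2012-08-27T10:01:03Z 10.0.0.12 GET updates.example.com
2012-08-27T10:02:17Z 10.0.0.45 GET hello.icon.pk
2012-08-27T10:02:18Z 10.0.0.45 CONNECT 223.25.233.244:443
2012-08-27T10:05:40Z 10.0.0.12 GET www.example.org
2012-08-27T10:06:02Z 10.0.0.77 GET cdn.hello.icon.pk
"""

# Assumed log line layout (four whitespace-separated fields).
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<dest>\S+)$")


def dest_matches(dest):
    """True if the destination is the C&C IP, the C&C domain, or a subdomain of it."""
    host = dest.split(":")[0].lower()  # drop an optional :port suffix
    if host in CNC_IPS:
        return True
    return any(host == d or host.endswith("." + d) for d in CNC_DOMAINS)


def find_beaconing_hosts(log_text):
    """Map each client IP that contacted an indicator to the destinations it hit."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        if dest_matches(m.group("dest")):
            hits.setdefault(m.group("client"), []).append(m.group("dest"))
    return hits


if __name__ == "__main__":
    for client, dests in find_beaconing_hosts(SAMPLE_LOG).items():
        print(f"{client} contacted C&C indicators: {', '.join(dests)}")
```

Hosts that appear in the result should be pulled for investigation, since a connection to the C&C domain means the dropper is very likely already installed.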
PoC:
Metasploit researchers have developed a Metasploit module that exploits this latest vulnerability, and the source code is publicly available (#-Link-Snipped-#).
Researchers successfully exploited a fully patched Windows 7 SP1 with Java 7 Update 6. They have also tested the module against the following environments:
Mozilla Firefox on Ubuntu Linux 10.04
Internet Explorer / Mozilla Firefox / Chrome on Windows XP
Internet Explorer / Mozilla Firefox on Windows Vista
Internet Explorer / Mozilla Firefox on Windows 7
Safari on OS X 10.7.4
Oh, and by the way, if you're already familiar with Java applets, or the so-called (by skids) Java drive-by, this one doesn't require you to confirm any popup. You visit the website and you get infected without the slightest notification.
For now, the best option is to disable Java until the patch is released.