0-day Java exploit in the wild [Beware]

Security researchers from FireEye have reported that a new zero-day Java vulnerability is currently being exploited in the wild. Most of the recent Java run-time environments, i.e. JRE 1.7.x, are vulnerable.

Initially, researchers discovered that this exploit was hosted on a domain named ok.XXX4.net. Currently this domain resolves to an IP address in China.

A successful exploit attempt can result in a dropper (Dropper.MsPMs) being installed on infected systems. The dropper executable is located on the same server (#-Link-Snipped-#).

Dropper.MsPMs connects to the C&C domain hello.icon.pk, which currently resolves to the IP address 223.25.233.244, located in Singapore.

PoC:
Metasploit researchers have developed a Metasploit module that exploits this latest vulnerability, and the source code is publicly available (#-Link-Snipped-#).

The researchers successfully exploited a fully patched Windows 7 SP1 with Java 7 Update 6. They have also tested the module against the following environments:

Mozilla Firefox on Ubuntu Linux 10.04
Internet Explorer / Mozilla Firefox / Chrome on Windows XP
Internet Explorer / Mozilla Firefox on Windows Vista
Internet Explorer / Mozilla Firefox on Windows 7
Safari on OS X 10.7.4

From my own research, I've come to know that this exploit only works on Java 1.7 and later. However, downgrading Java is not a good solution, as the older version may have bugs and other vulnerabilities.

Oh, and by the way, if you're already aware of Java applets or the so-called (by skids) Java drive-by, this one doesn't require you to confirm any popup. You visit the website and you get infected without the slightest notification.

For now, the best possible option is to disable Java until the patch is released.

Replies

  • Anoop Kumar
    Yesterday I read about this...
    There is no malware in the latest update, but it can expose you to hackers.
    The suggestion given is 'don't update the browser Java plugin'.
  • [Prototype]
    ianoop wrote:
      Yesterday I read about this...
      There is no malware in the latest update, but it can expose you to hackers.
      The suggestion given is 'don't update the browser Java plugin'.
    To clear up, it's just a vulnerability in Java 1.7+ which allows a remote attacker to execute arbitrary code on the victim's computer without any intervention.

    The version that's required for this attack has already been released and is used by consumers. The last update itself, i.e. 1.7.0.6, was released 2 weeks ago, which is a long time.

    The first release of JRE 1.7.0.0 (which is vulnerable) was 1 year back, i.e. on 1st Aug 2011, so almost everyone is vulnerable to the exploit at this moment.

    There's no malware in Java itself, and there cannot be any because Java comes from Oracle.
  • Kaustubh Katdare
    This: #-Link-Snipped-#
  • [Prototype]
    A patch has been released to fix this vulnerability. It's recommended that everyone install it ASAP.

    Release notes:
    #-Link-Snipped-#

    Download:
    #-Link-Snipped-#
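As an added example, not part of the original thread, here is a small Python triage helper that parses the first line of `java -version` output and classifies an installation against what the thread states: every JRE 1.7.0 release up to Update 6 (1.7.0_06) is vulnerable, and Java 1.6 and earlier are outside the reported range. The thread does not name the fixed update, so anything newer than 1.7.0_06 is reported as "verify against release notes" rather than assumed safe. The sample outputs and host names are constructed, not collected from real machines.

```python
import re
from typing import Dict, NamedTuple, Optional


class JavaVersion(NamedTuple):
    major: int   # the "1" in 1.7.0_06
    minor: int   # the "7": this is what people mean by "Java 7"
    patch: int   # the "0"
    update: int  # the "06"; 0 when no _NN suffix is present (the 1.7.0 GA release)


# First line printed by `java -version`, e.g.  java version "1.7.0_06"
# Case-sensitive on purpose: the second line starts with "Java(TM)" and must not match.
VERSION_RE = re.compile(r'java version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')

# The newest release the thread reports as vulnerable is 1.7.0_06 (Java 7 Update 6).
LAST_REPORTED_VULNERABLE_UPDATE = 6

# Constructed `java -version` outputs (host names and build strings are made up).
SAMPLE_OUTPUTS: Dict[str, str] = {
    "workstation-a": 'java version "1.7.0_06"\nJava(TM) SE Runtime Environment (build 1.7.0_06-b00)\n',
    "workstation-b": 'java version "1.7.0"\nJava(TM) SE Runtime Environment (build 1.7.0-b00)\n',
    "workstation-c": 'java version "1.6.0_33"\nJava(TM) SE Runtime Environment (build 1.6.0_33-b00)\n',
    "workstation-d": 'java version "1.7.0_07"\nJava(TM) SE Runtime Environment (build 1.7.0_07-b00)\n',
    "workstation-e": "bash: java: command not found\n",
}


def parse_java_version(output: str) -> Optional[JavaVersion]:
    """Pull the version tuple out of `java -version` output; None if Java is absent."""
    m = VERSION_RE.search(output)
    if not m:
        return None
    major, minor, patch, update = m.groups()
    return JavaVersion(int(major), int(minor), int(patch), int(update or 0))


def assess(version: Optional[JavaVersion]) -> str:
    """Classify one installation against the statements made in the thread."""
    if version is None:
        return "no java found"
    if (version.major, version.minor) < (1, 7):
        return "outside reported range"        # exploit reported to need Java 1.7 or later
    if (version.major, version.minor) == (1, 7) and version.update <= LAST_REPORTED_VULNERABLE_UPDATE:
        return "vulnerable"                    # 1.7.0 GA through 1.7.0_06
    return "verify against release notes"      # newer than anything the thread covers


def triage(outputs: Dict[str, str]) -> Dict[str, str]:
    """Map host name -> assessment for a batch of collected outputs."""
    return {host: assess(parse_java_version(out)) for host, out in outputs.items()}


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_OUTPUTS).items():
        print(f"{host}: {verdict}")
```

Collect the outputs with whatever inventory tooling you have (`java -version` writes to stderr, so redirect with `2>&1`), and remember that a patched JRE only closes this hole if the browser plugin is also pointing at the new runtime; an old JRE left installed side by side is still exploitable.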
