Java Gets Hit With A Zero-Day Exploit

Java is in everything. It’s in your browser at this very moment. The Java plug-in that is powering a lot of the Web also features one nasty exploit. The latest zero-day exploit should remain a t...
Java Gets Hit With A Zero-Day Exploit
Written by

Java is in everything. It’s in your browser at this very moment. The Java plug-in that is powering a lot of the Web also features one nasty exploit. The latest zero-day exploit should remain a topic of concern.

The folks at FireEye security detected a Java vulnerability yesterday. The exploit affects Java 7 (1.7) update 0 to 6. Anything below is unaffected. Unfortunately for most computer users and businesses, they are already on Java 7.

So is there a fix? At the time of writing, Oracle has not patched Java yet. The only solution for now is to disable Java in your Web browser or download a third-party patch. Here’s the details of the exploit from Deepend Research:

1. The javascript in index.html is heavily obfuscated.

2. This vulnerability affects Java 7 (1.7) Update 0 to 6. Does NOT affect Java 6 and below.

3. It works in all versions of Internet Explorer, Firefox, and Opera. Does NOT work in Chrome. (Update: The original exploit we tested did not affect Chrome. We did not test Metasploit but reports are that their version works. All hackers and exploit kit makers now can use a freely available Metasploit module and you can expect a huge wave of drive-by attacks as well as email links. To be safe, perhaps best approach is not to use Java or patch it.)

3. It does not crash browsers (which does NOT mean it does not work!), the landing page looks like a blank page, sometimes one may see a flash of a rotating Java logo and the word “Loading”

5. The malicious Java applet is downloaded. At this point, if your system is not vulnerable or is patched, the attack stops. From the user perspective, it is impossible to tell if the attack was successful or not.

6. If the exploit is successful, it downloads and executes a malicious binary, which calls to another IP address/domain hello.icon.pk / 223.25.233.244

7. Although older Java is not vulnerable to this attack, downgrading is not recommended due to many other vulnerabilities in the older versions of Java.

8. Disable Java in your browser.

The folks at Deepend Research have created an unofficial patch but they’re reserving it for companies who need it to protect their employees or users. Regular end users should just disable Java on their machines until Oracle can push a patch through.

For the time being, we’re at the mercy of Oracle. Here’s hoping they patch Java before the next scheduled patch date of October 16. A lot of users and businesses may be affected by the exploit without even knowing it.

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us