Disable Java to protect from latest zero-day

Warwick Ashford

Security researchers are warning of a zero-day vulnerability in Java, up to and including the latest release, Java 7 Update 10.

The vulnerability can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Exploits have already been found on compromised websites. They work against Java running in the browser on Windows, Mac OS X or Linux and install malware on visitors' machines.

The Blackhole and Nuclear Pack exploit kits are using this vulnerability in the wild, according to researchers at security firm AlienVault.

In a blog post, Jaime Blasco, AlienVault's head of labs, said he was able to reproduce the exploit against a fully patched, freshly installed Java.

"The Java file is highly obfuscated but, based on the quick analysis AlienVault did, the exploit is probably bypassing certain security checks tricking the permissions of certain Java classes as we saw in CVE-2012-4681," he wrote.

US-CERT said: "By leveraging unspecified vulnerabilities involving Java Management Extensions (JMX) MBean components and sun.org.mozilla.javascript.internal objects, an untrusted Java applet can escalate its privileges by calling the setSecurityManager() function to allow full privileges, without requiring code signing."

According to Blasco, the attack follows the same pattern as the zero-day exploits seen over the past year in Internet Explorer, Java and Flash.

“The hacker can virtually own your computer if you visit a malicious link thanks to this new vulnerability,” he said.

Avoid attacks by disabling Java

Security researchers agree that until Oracle releases a security update for Java, the best way to avoid attacks exploiting this vulnerability is to disable Java in web browsers.

US-CERT points out that Java 7 Update 10 added an option to disable Java content in web browsers: the setting is on the Security tab of the Java Control Panel. Earlier releases lack this switch, so on those the Java plug-in has to be disabled in each installed browser separately.

The Java browser plug-in is a favourite vector for attackers carrying out drive-by download attacks from compromised websites.

Drive-by download attacks are set to remain a top attack method in 2013, according to the latest threat report from the European Union (EU) cyber security agency, ENISA.

Drive-by attacks are popular partly because they are invisible to the victim: they are launched by links or malicious code planted on compromised legitimate websites, with no user interaction beyond visiting the page.

But beyond that, drive-by attacks are becoming easier to carry out because of the increasing availability of exploit kits, according to Tim Rains, director of Microsoft Trustworthy Computing.

“For large enterprises, it has always been a challenge to keep all software and systems up to date and to ensure they have all the latest security improvements,” he said.

On top of this, few organisations can say whether every installed version of a targeted piece of software has been patched.

“While they may understand the need to keep Java up to date, they may not realise they have several versions of Java running in their environment that need to be updated continually,” said Rains.
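The two practical problems the article raises, confirming that the Java 7 Update 10 browser switch described above is actually off, and finding every Java runtime on a machine (the "several versions of Java" problem Rains describes), can be turned into a check. The following shell script is an added example and is not code from the article, Oracle, US-CERT or AlienVault. It assumes that the Control Panel checkbox is stored as deployment.webjava.enabled=false in the user's deployment.properties file and that a deployment.webjava.enabled.locked line in a system-wide properties file pins the value; the sample properties file it creates is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the article or from Oracle/US-CERT: audit whether
# Java content in the browser has been switched off, and inventory the Java
# runtimes actually installed so forgotten side-by-side versions show up.
#
# Assumptions (not stated on the page): Java 7u10's Control Panel checkbox
# writes "deployment.webjava.enabled=false" to the per-user
# deployment.properties (~/.java/deployment/deployment.properties on Linux),
# and a "deployment.webjava.enabled.locked" line in a system-wide properties
# file referenced from deployment.config stops users re-enabling it.

# webjava_status FILE -> prints disabled | enabled | unset
webjava_status() {
    file=$1
    if [ ! -r "$file" ]; then echo unset; return 0; fi
    # Skip comment lines; take the LAST assignment because Properties.load()
    # lets later keys override earlier ones; accept '=' or ':' separators.
    val=$(grep -v '^[[:space:]]*[#!]' "$file" \
        | sed -n 's/^[[:space:]]*deployment\.webjava\.enabled[[:space:]]*[=:][[:space:]]*//p' \
        | tail -n 1 | tr -d '[:space:]' | tr 'A-Z' 'a-z')
    case "$val" in
        false) echo disabled ;;
        "")    echo unset ;;
        *)     echo enabled ;;   # "true" or anything else: plug-in still on
    esac
}

# webjava_locked FILE -> exit 0 when the key is locked against user changes
webjava_locked() {
    grep -q '^[[:space:]]*deployment\.webjava\.enabled\.locked' "$1" 2>/dev/null
}

# audit_profile FILE -> one-line verdict that a reporting script can key on
audit_profile() {
    status=$(webjava_status "$1")
    if webjava_locked "$1"; then lock=locked; else lock=unlocked; fi
    echo "$1: webjava=$status ($lock)"
}

# list_javas DIR... -> "path<TAB>version line" for every java executable under
# the given roots. More than one distinct version is exactly the
# "several versions of Java in the environment" problem.
list_javas() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        find "$root" -name java -type f 2>/dev/null | while IFS= read -r bin; do
            [ -x "$bin" ] || continue
            ver=$("$bin" -version 2>&1 | head -n 1)
            printf '%s\t%s\n' "$bin" "$ver"
        done
    done
}

# distinct_java_versions DIR... -> number of distinct version strings found
distinct_java_versions() {
    n=$(list_javas "$@" | cut -f2 | sort -u | grep -c .) || true
    echo "$n"
}

# Constructed sample (not a real capture): a deployment.properties as left
# after unticking "Enable Java content in the browser", with a stale earlier
# "true" to show that the last assignment wins, and the lock line.
sample_properties() {
    f=$(mktemp) || return 1
    cat >"$f" <<'EOF'
#deployment.properties
#Thu Jan 10 09:00:00 GMT 2013
deployment.webjava.enabled=true
deployment.webjava.enabled=false
deployment.webjava.enabled.locked
EOF
    echo "$f"
}

# Stand-alone run: check this user's profile and the usual Linux JVM roots.
audit_profile "$HOME/.java/deployment/deployment.properties"
list_javas /usr/lib/jvm /opt/java /usr/java
```

On Windows the per-user file lives under the user's profile rather than ~/.java, so the path passed to audit_profile changes, but the key and the last-assignment-wins rule are the same. The inventory deliberately runs each java binary it finds rather than trusting directory names, because a runtime left behind by an old installer reports its own version regardless of where it sits.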

Attackers are taking advantage of these gaps around the world, including in the UK, where drive-by attacks have crept into the top 10 threats over the past two years.
