On August 26th, 2012, security vendor FireEye published information about a new Java attack that originated in China and affected the latest version of the Java Runtime Environment (Java 7, version 1.7). The threat arrives through your browser when you visit a malicious site, and it allows the attacker to take complete control of your computer. US-CERT, which is part of the Department of Homeland Security, warned on January 10th, 2013 of the serious flaw in the software.
The vulnerability has already been used to mount attacks, and PC and Mac users have been urged to disable Java on their computers until a solution is developed. Java is free software distributed by Oracle, which inherited it when it acquired Sun Microsystems. The company didn’t comment on the exploits, although we know that it had known about the vulnerabilities since April and was planning to release a patch in its October update.
In summary, there are 2 exploitable vulnerabilities affecting anything running on the latest version of Java. Both are being used in active attacks, and one is bundled with BlackHole, which is a very popular and free security testing tool. Worst of all, there’s no patch for either of the two. The flaw is used to enable features of certain websites to run on all computers regardless of the operating system, as highlighted by US-CERT, which warned that, “This vulnerability may allow an attacker to execute arbitrary code on vulnerable systems”.
Typically, Oracle releases fixes for such vulnerabilities within a week or a month, making it essential for computer users to act more quickly to disable the software, according to Jaime Blasco, research manager at AlienVault Labs, an antivirus company which was alerted to the problem. Zero-day exploits are the most damaging for computer users because they involve flaws that have already been used to mount attacks before being identified by security experts or the companies concerned.
FireEye and other security firms have discovered that the attack is quite silent. Java's widespread deployment, especially in enterprise environments, and the necessity of keeping older vulnerable versions around for backward compatibility have given the attackers the ideal environment to exploit targeted systems.
Mila Parkour, co-founder of DeepEnd Research, has stated in a blog post, “Oracle almost never issues out-of-cycle patches but hopefully they will consider it serious enough to do it this time”. Speed is of the essence now, since the exploit has already started appearing in many tools used by attackers and offensive security experts, such as The Metasploit Project, which has released a module to exploit the vulnerability on all major platforms and browsers.
The exploit count has risen to four, with the most recent one being linked to the Red October Espionage Malware Campaign, which was uncovered by Kaspersky Lab after five years of spying on diplomats, scientists and governments worldwide. The campaign is also using a Java exploit to infect its victims. According to AlienVault, “A module has just been published for Metasploit, so it is time to disable Java in all your systems, and remember to search your logs for connections to the Domains/IPs related to this attack.”
Apart from this, Firefox blocks and disables the Java plugin and says, “The Java plugin is causing significant security problems. All users are strongly recommended to keep the plugin disabled unless necessary.”
Here are a couple of instructions on how you can disable Java in your browser:
Disable Java in Google Chrome: Open the Chrome browser, type or copy-paste chrome://plugins/ into the address bar, find the Java plugin, and click Disable. You are then done.
Disable Java in Firefox: Open the browser, click on the main Firefox menu, choose Add-ons, select Plugins, find the Java plugin, and click Disable. To disable Java in other browsers such as Internet Explorer, Opera, and Safari, follow these official notes: How do I disable Java in my web browser?