On August 26th, 2012, security vendor FireEye published information about a new Java attack that originated in China and affected the latest version of the Java Runtime Environment (Java 7, version 1.7).
The threat comes through your browser when you browse to a malicious site and allows the attacker to take complete control over your computer. US-CERT, which is a part of the Department of Homeland Security, warned on January 10th, 2013, of the severe flaw in the software.
The vulnerability has already been used to mount attacks, and PC and Mac users have been prompted to disable Java on their computers until a solution is developed. Java is free software distributed by Oracle, which inherited it when it acquired Sun Microsystems.
The company didn’t comment on the exploits, although we know it has known about the vulnerabilities since April and was planning to release a patch in its October update.
In summary, two exploitable vulnerabilities affect anything running the latest version of Java; both are being used in active attacks, and one is bundled with BlackHole, which is a viral and free security testing tool. The worst part is that there is no patch for either of the two.
The flaw is used to enable features of certain websites to run on all computers regardless of the operating system, as highlighted by US-CERT, which warned that, “This vulnerability may allow an attacker to execute arbitrary code on vulnerable systems.”
Typically, Oracle releases fixes for such vulnerabilities within a week or a month, making it essential for computer users to act more quickly to disable the software, according to Jaime Blasco, research manager at Alien Vault Labs. This antivirus company was alerted to the problem.
Zero-day exploits are the most damaging for computer users. They involve flaws that have been used to mount attacks before being identified by security experts or the companies concerned.
FireEye and other security firms have discovered that the attack is relatively silent. Java's widespread deployment, especially in enterprise environments, and the necessity of keeping older vulnerable versions around for backward compatibility have given the attackers the ideal climate to exploit targeted systems.
Mila Parkour, co-founder of DeepEnd Research, stated in a blog post, “Oracle almost never issues out-of-cycle patches, but hopefully, they will consider it serious enough to do it this time.”
Speed is of the essence now since the exploit has already started appearing in many tools used by attackers and offensive security experts, such as The Metasploit Project, which has released a module to exploit the vulnerability on all major platforms and browsers.
The exploit count has risen to four. The most recent one is linked to the Red October Espionage Malware Campaign, which Kaspersky Lab uncovered after the campaign had spent five years spying on diplomats, scientists, and governments worldwide.
The campaign is also using a Java exploit to infect its victims. According to Alien Vault, “A module has just been published for Metasploit, so it is time to disable Java in all your systems, and remember to search your logs for connections to the Domains/IPs related to this attack.”
Apart from this, Firefox blocks/disables the Java plugin and says, “The Java plugin is causing significant security problems. All users are strongly recommended to keep the plugin disabled unless necessary.”
Here are a couple of instructions on how you can disable Java in your browser:
Disable Java on Google Chrome: Open the Chrome browser, type or copy-paste chrome://plugins/, find the Java plugin, and click Disable. You are done.
Disable Java in Firefox: Open the browser, click the main Firefox menu, choose Add-ons, select Plugins, find the Java plugin, and click Disable. For other browsers such as Internet Explorer, Opera, and Safari, follow these official notes: How do I disable Java in my web browser?
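Alien Vault's advice above to search your logs for connections to the attack's domains and IPs can be done along these lines; this is an added example, not code from the article or from Alien Vault. The log format, the indicator values, and the function names are constructed assumptions. The check for a Java runtime downloading .jar/.class files goes beyond the quoted advice.

```python
import re
from urllib.parse import urlsplit

# Constructed placeholder indicators: the article lists no domains or IPs,
# so load the real ones from the advisory or your threat-intel feed.
IOC_HOSTS = {"malicious.example", "203.0.113.45"}

# Constructed proxy log lines: time client method url status "user-agent"
SAMPLE_LOG = """\
2013-01-11T09:14:02 10.0.4.17 GET http://malicious.example/a/index.html 200 "Mozilla/5.0 (Windows NT 6.1) Firefox/18.0"
2013-01-11T09:14:03 10.0.4.17 GET http://malicious.example/a/app.jar 200 "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_10"
2013-01-11T09:20:40 10.0.7.3 GET http://intranet.example/tools/report.jar 200 "Java/1.6.0_37"
2013-01-11T09:31:15 10.0.1.5 GET http://203.0.113.45:8080/ 200 "Mozilla/5.0 (Windows NT 6.1) Chrome/24.0"
2013-01-11T09:40:00 10.0.2.8 GET http://news.example/ 200 "Mozilla/5.0 (Macintosh) Safari/536.26"
"""

LINE = re.compile(r'^(\S+) (\S+) \S+ (\S+) \d{3} "([^"]*)"$')
# The JRE's HTTP client identifies itself as Java/<version> in the User-Agent.
JAVA_UA = re.compile(r'\bJava/(\d+\.\d+\.\d+(?:_\d+)?)')

def scan(log_text, iocs=IOC_HOSTS):
    """One finding per line that hits an indicator host or shows Java fetching code."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in the assumed format
        ts, client, url, ua = m.groups()
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        ioc_hit = any(host == i or host.endswith("." + i) for i in iocs)
        java = JAVA_UA.search(ua)
        java_fetch = bool(java) and parts.path.lower().endswith((".jar", ".class"))
        if ioc_hit or java_fetch:
            findings.append({"time": ts, "client": client, "host": host,
                             "ioc": ioc_hit, "java": java.group(1) if java_fetch else None})
    return findings

def clients_to_triage(findings):
    """Clients that reached an indicator host; Java code downloads rank first."""
    score = {}
    for f in findings:
        if f["ioc"]:
            score[f["client"]] = max(score.get(f["client"], 0), 2 if f["java"] else 1)
    return sorted(score, key=lambda c: (-score[c], c))

if __name__ == "__main__":
    print(clients_to_triage(scan(SAMPLE_LOG)))
```

Findings with `ioc` false but a `java` version set (the intranet line in the sample) are not hits; they show which machines still have a working Java plugin and which version it is.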