A previously unknown vulnerability in Java is being used online by hackers, according to security researchers. The 0-day exploit has also reportedly been included in two malware toolkits used by hackers, with the best form of protection currently being to turn off the Java plug-in for all browsers until the hole is patched.
The US Computer Emergency Readiness Team has noted that the vulnerability in Java 7 Update 10 could be used by a remote attacker to "execute arbitrary code on a vulnerable system" using a "specially crafted HTML document," according to The Next Web.
French security researcher Kafeine, the first to find the flaw, saw that the exploit was being used on a major site, potentially affecting "hundreds of thousands" of visitors per day. Kafeine also saw that it has been incorporated into the BlackHole Exploit Kit and the Cool Exploit Kit, both used to spread malware onto other machines.
Kurt Baumgartner, a security expert for Kaspersky, claims that the exploit is already being used in advertisements on a wide range of sites, from news and weather services to adult sites.