
Java zero-day exploit seen in malicious advertising
NewsPoster
MacNN Staff
Join Date: Jul 2012
Jan 10, 2013, 05:31 PM
 
A previously unknown vulnerability in Java is being used online by hackers, according to security researchers. The 0-day exploit has also reportedly been included in two malware toolkits used by hackers, with the best form of protection currently being to turn off the Java plug-in for all browsers until the hole is patched.

The US Computer Emergency Readiness Team has noted that the vulnerability in Java 7 Update 10 could be used by a remote attacker to "execute arbitrary code on a vulnerable system" using a "specially crafted HTML document," according to The Next Web. French security researcher Kafeine, the first to find the flaw, saw that the exploit was being used on a major site, potentially affecting "hundreds of thousands" of visitors per day. Kafeine also saw that it has been incorporated into the BlackHole Exploit Kit and the Cool Exploit Kit, both used to spread malware onto other machines. Kurt Baumgartner, a security expert for Kaspersky, claims that the exploit is already being used in advertisements on a wide range of sites, from news and weather services to adult sites.
( Last edited by NewsPoster; Jan 10, 2013 at 05:31 PM. )
     
daqman
Forum Regular
Join Date: Sep 2000
Location: Newport News,VA,USA
Jan 11, 2013, 10:01 AM
 
This sounds like a nasty vulnerability but all of the sites I've looked at (like CERT) show screenshots, paths and other information that is Windows specific. Yes, I know Java runs on various platforms but it just isn't clear if the exploiters of the vulnerability are targeting Windows only or OSX also. Anyone have information?

For some of us turning Java off is not an option since we have in-house Java code used on a daily basis.
Beware of geeks bearing Gifs
     
dechamp
Fresh-Faced Recruit
Join Date: Jan 2010
Jan 12, 2013, 04:14 AM
 
Oracle says it will patch the exploit on Tuesday. Who cares if it only affects certain OS's or just some machines? Oracle needs to research and improve Java anyway, and this will get them off their butts. I can certainly wait for safe programs, but then I spend almost all my time cleaning up the latest versions of the FBI Scam, and the latest fake Anti-Virus scams. My clients don't need the grief and can wait a couple of days.

These sloppy 3rd party plugins like Adobe Flash and Oracle Java will have to get better or get gone.
     
   
 
All times are GMT -4.