Another Java exploit spreading
In what has become a familiar refrain, security researchers have spotted another Java zero-day vulnerability under active attack.
Network security company FireEye said the vulnerability being exploited in the wild is present in the most up-to-date versions of Java SE software: version 6 Update 41 and version 7 Update 15, researchers Darien Kindlund and Yichong Lin wrote in a blog posted Thursday.
"Not like other popular Java vulnerabilities in which security manager can be disabled easily, this vulnerability leads to arbitrary memory read and write in JVM (Java Virtual Machine) process," they wrote. "After triggering the vulnerability, [the] exploit is looking for the memory which holds JVM internal data structure, like if Security Manager is enabled or not, and then overwrites the chunk of memory as zero...The exploit is not very reliable, as it tries to overwrite a big chunk of memory. As a result, in most cases, upon exploitation, we can still see the payload downloading, but it fails to execute and yields a JVM crash."
If the payload does execute, users' computers will be hit with a "McRAT" executable.
For some time, security experts have recommended users disable Java for the browser, as it has served as a vector for repeated attacks. In fact, Oracle, which maintains Java, just last month updated the technology to resolve a vulnerability that was leading to targeted exploits.
"Our recommendation is to uninstall Java from the desktop if possible," wrote Wolfgang Kandez, CTO of vulnerability and compliance management firm Qualys, in a Friday blog post. "Otherwise disconnect Java from the browser, which recent versions of Java have made much easier."