Another Java exploit spreading

Share this article:

In what has become a familiar refrain, security researchers have spotted another Java zero-day vulnerability under active attack.

Network security company FireEye said the vulnerability being exploited in the wild is present in the most up-to-date versions of Java SE software: version 6 Update 41 and version 7 Update 15, researchers Darien Kindlund and Yichong Lin wrote in a blog posted Thursday.

"Not like other popular Java vulnerabilities in which security manager can be disabled easily, this vulnerability leads to arbitrary memory read and write in JVM (Java Virtual Machine) process," they wrote. "After triggering the vulnerability, [the] exploit is looking for the memory which holds JVM internal data structure, like if Security Manager is enabled or not, and then overwrites the chunk of memory as zero...The exploit is not very reliable, as it tries to overwrite a big chunk of memory. As a result, in most cases, upon exploitation, we can still see the payload downloading, but it fails to execute and yields a JVM crash."

If the payload does execute, users' computers will be hit with a "McRAT" executable.

For some time, security experts have recommended users disable Java for the browser, as it has served as a vector for repeated attacks. In fact, Oracle, which maintains Java, just last month updated the technology to resolve a vulnerability that was leading to targeted exploits. 

"Our recommendation is to uninstall Java from the desktop if possible," wrote Wolfgang Kandez, CTO of vulnerability and compliance management firm Qualys, in a Friday blog post. "Otherwise disconnect Java from the browser, which recent versions of Java have made much easier."

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

President signs Executive Order to improve payment security

President signs Executive Order to improve payment security

President Obama signed an Executive Order at the Consumer Financial Protection Bureau calling for enhanced security measures, including microchips and PINs.

Security, tech firm coalition fights Hikit actors, other advanced groups

Security, tech firm coalition fights Hikit actors, other ...

The coalition began as an effort to stop the spread of the Hikit trojan, previously known for targeting U.S. defense contractors.

Phishing email delivers keylogger malware, also takes screenshots

Phishing email delivers keylogger malware, also takes screenshots

The malware has various features, including the ability to start persistently, take screenshots and bypass user access controls.