Another Java exploit spreading

Share this article:

In what has become a familiar refrain, security researchers have spotted another Java zero-day vulnerability under active attack.

Network security company FireEye said the vulnerability being exploited in the wild is present in the most up-to-date versions of Java SE software: version 6 Update 41 and version 7 Update 15, researchers Darien Kindlund and Yichong Lin wrote in a blog posted Thursday.

"Not like other popular Java vulnerabilities in which security manager can be disabled easily, this vulnerability leads to arbitrary memory read and write in JVM (Java Virtual Machine) process," they wrote. "After triggering the vulnerability, [the] exploit is looking for the memory which holds JVM internal data structure, like if Security Manager is enabled or not, and then overwrites the chunk of memory as zero...The exploit is not very reliable, as it tries to overwrite a big chunk of memory. As a result, in most cases, upon exploitation, we can still see the payload downloading, but it fails to execute and yields a JVM crash."

If the payload does execute, users' computers will be hit with a "McRAT" executable.

For some time, security experts have recommended users disable Java for the browser, as it has served as a vector for repeated attacks. In fact, Oracle, which maintains Java, just last month updated the technology to resolve a vulnerability that was leading to targeted exploits. 

"Our recommendation is to uninstall Java from the desktop if possible," wrote Wolfgang Kandez, CTO of vulnerability and compliance management firm Qualys, in a Friday blog post. "Otherwise disconnect Java from the browser, which recent versions of Java have made much easier."

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.