Another Java exploit spreading

Share this article:

In what has become a familiar refrain, security researchers have spotted another Java zero-day vulnerability under active attack.

Network security company FireEye said the vulnerability being exploited in the wild is present in the most up-to-date versions of Java SE software: version 6 Update 41 and version 7 Update 15, researchers Darien Kindlund and Yichong Lin wrote in a blog posted Thursday.

"Not like other popular Java vulnerabilities in which security manager can be disabled easily, this vulnerability leads to arbitrary memory read and write in JVM (Java Virtual Machine) process," they wrote. "After triggering the vulnerability, [the] exploit is looking for the memory which holds JVM internal data structure, like if Security Manager is enabled or not, and then overwrites the chunk of memory as zero...The exploit is not very reliable, as it tries to overwrite a big chunk of memory. As a result, in most cases, upon exploitation, we can still see the payload downloading, but it fails to execute and yields a JVM crash."

If the payload does execute, users' computers will be hit with a "McRAT" executable.

For some time, security experts have recommended users disable Java for the browser, as it has served as a vector for repeated attacks. In fact, Oracle, which maintains Java, just last month updated the technology to resolve a vulnerability that was leading to targeted exploits. 

"Our recommendation is to uninstall Java from the desktop if possible," wrote Wolfgang Kandez, CTO of vulnerability and compliance management firm Qualys, in a Friday blog post. "Otherwise disconnect Java from the browser, which recent versions of Java have made much easier."

Share this article:

Sign up to our newsletters

More in News

In Cisco probe, misuse or compromise spotted on all firms' networks

In Cisco probe, misuse or compromise spotted on ...

Cisco analyzed the business networks of 30 multinational companies last year, and revealed the findings in its 2014 Annual Security Report.

Fareit trojan observed spreading Necurs, Zbot and CryptoLocker

The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit.

Post Heartbleed, tech giants join initiative to bolster open source

Post Heartbleed, tech giants join initiative to bolster ...

The newly formed Core Infrastructure Initiative, created to boost under-funded open source projects, will tackle OpenSSL first.