As a Java zero-day spreads, disclosure questions arise

A zero-day Java exploit is growing more prevalent now that it has been added to the BlackHole exploit kit, a popular, commercially available framework for delivering web attacks.

Kurt Baumgartner, a senior security researcher at security firm Kaspersky Lab, said Tuesday in a blog post that infections are becoming more common, spreading from their initial starting point in China to computers in the United States, Russia, Belarus and Germany, among other nations.

News of the ramp-up in attacks comes as researchers at penetration testing company Immunity disclosed Tuesday that the exploits actually are taking advantage of two unpatched vulnerabilities in Java 7 -- not just one, as originally was believed.

"[O]ne is used to obtain a reference to the 'sun.awt.SunToolkit' class, and the other is used to invoke the public 'getField' method on that class," Immunity developer Esteban Guillardoy wrote in a technical analysis of the bugs.

Every major browser is susceptible to the attack.

Nearly all security experts recommend that users disable or uninstall Java in the browser to protect themselves. For those still desiring to run the software platform, nonprofit DeepEnd Research has created an unofficial patch, and it is available upon request.

The zero-day also has reignited debate around vulnerability disclosure practices. Some in the security community are upset that researchers publicly linked to the exploit code -- it also was added to the Metasploit pen testing framework -- while others believe the full disclosure will force Oracle to act quickly to fix the issue. The company is next scheduled to release Java security updates on Oct. 16.

An Oracle spokesman did not immediately respond to a request for comment.
