Threat of the month: Java zero-day
Threat of the month: pdf.exe.zip files
What is it?
Yet another zero-day vulnerability in Java Runtime Environment (JRE) that allows remote code execution via browsers.
How does it work?
It can be triggered by a user simply viewing a web page embedding malicious Java content.
Should I be worried?
Yes, many of the Java vulnerabilities being exploited are types of errors that allow code execution in a completely reliable manner.
How can I prevent it?
Users should upgrade to Java 7 Update 13, which Oracle released in early February – 18 days prior to its scheduled release – in response to reports of the vulnerability being actively exploited. This latest update addresses 50 vulnerabilities for Java SE products. One of these is the new zero-day, though it is currently unclear which one. As attacks targeting Java are increasing, and we could see new zero-days in the immediate future, users should also disable Java in browsers by default, only enabling it for trusted websites when needed.