Java zero day allegedly spotted in the wild


Summary: Security researchers have allegedly spotted a zero day vulnerability that affects the latest version of the Java Runtime Environment.


FireEye's Malware Intelligence Lab is making the claim that there is a new zero day vulnerability in the wild that affects the latest version of Java.

Researcher Atif Mushtaq wrote on the company's blog that he spotted the initial exploit on a domain that pointed to an IP address in China. A quick search showed that the server at this IP address had been responsible for serving other forms of malware in the past. At the time of writing, the server was either refusing browser requests or not responding to them, but it was still online.

Previously, potential victims would be directed to the site, where a malicious applet exploited the zero day and forced a dropper application to be downloaded from the same server and installed on the system. According to Mushtaq, from here, the dropper contacted a command and control server located in Singapore. Although he did not elaborate on the malware's behaviour after that, such compromised computers can go on to become drones in the malware owners' botnets.
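The chain described above (applet served from a host, followed shortly by a dropper executable fetched from the same host) is something a proxy log can show. The following is an added example, not code from FireEye or from this article: it runs a simple time-window heuristic over constructed proxy log lines (the log format, the client and server addresses, and the 60-second window are all assumptions) and reports each client that fetched a Java archive and then an executable from the same server.

```python
"""Flag 'applet, then executable from the same server' sequences in a proxy log.

Added example; the log format and all addresses below are constructed for
illustration and are not indicators taken from the article.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: "<ISO time> <client> <method> <url> <status> <content-type>"
SAMPLE_LOG = """\
2012-08-27T10:00:01 10.0.0.5 GET http://203.0.113.10/index.html 200 text/html
2012-08-27T10:00:02 10.0.0.5 GET http://203.0.113.10/applet.jar 200 application/java-archive
2012-08-27T10:00:04 10.0.0.5 GET http://203.0.113.10/dropper.exe 200 application/x-msdownload
2012-08-27T10:05:00 10.0.0.7 GET http://198.51.100.20/lib.jar 200 application/java-archive
2012-08-27T10:30:00 10.0.0.7 GET http://198.51.100.20/setup.exe 200 application/x-msdownload
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+)$")
WINDOW = timedelta(seconds=60)  # assumed: how soon after the applet the dropper must follow

APPLET_TYPES = {"application/java-archive", "application/x-java-applet"}
EXE_TYPES = {"application/x-msdownload", "application/octet-stream"}


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, _method, url, status, ctype = m.groups()
    return {
        "ts": datetime.fromisoformat(ts),
        "client": client,
        "url": url,
        "host": url.split("/")[2],
        "status": int(status),
        "ctype": ctype,
    }


def is_applet(e):
    return e["ctype"] in APPLET_TYPES or e["url"].lower().endswith((".jar", ".class"))


def is_executable(e):
    return e["ctype"] in EXE_TYPES or e["url"].lower().endswith((".exe", ".dll"))


def find_applet_then_dropper(log_text, window=WINDOW):
    """Return (client, host, applet_url, exe_url) for each applet fetch that is
    followed, within `window`, by an executable fetch from the same host."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e and e["status"] == 200]
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["client"], e["host"])].append(e)

    alerts = []
    for (client, host), evs in by_pair.items():
        evs.sort(key=lambda e: e["ts"])
        for i, applet in enumerate(evs):
            if not is_applet(applet):
                continue
            for later in evs[i + 1:]:
                if later["ts"] - applet["ts"] > window:
                    break  # outside the window; later events are even further away
                if is_executable(later):
                    alerts.append((client, host, applet["url"], later["url"]))
                    break
    return alerts


if __name__ == "__main__":
    for alert in find_applet_then_dropper(SAMPLE_LOG):
        print("applet-then-dropper:", alert)
```

In the sample, only the first client is reported: its executable fetch follows the applet within seconds, whereas the second client's two requests are 25 minutes apart and fall outside the window. The window and the content-type sets are tuning knobs; a narrow window keeps false positives low on sites that legitimately serve both applets and installers.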

Mushtaq was able to successfully test the exploit on a test machine running Firefox and the latest version of Java. He warned that it would be only a matter of time before a proof of concept was released for anyone to exploit the vulnerability, but it appears to have happened already. ZDNet has sighted what appears to be working code, which makes a direct reference to Mushtaq's post in its comments.

Given that the latest version of the Java Runtime Environment (Version 7 Update 6, as of writing) is vulnerable, concerned users who believe they might be at risk may wish to temporarily disable or uninstall Java, until Oracle is able to confirm the vulnerability and issue a patch.
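Before deciding whether to disable or uninstall Java, an administrator first wants to know which release is installed. The following is an added example, not code from the article or from Oracle: it parses the output of `java -version` (the sample strings are constructed) and reports whether the installation is Java 7 Update 6, the release the article names as vulnerable. Any other version is reported as such rather than guessed at, since the article makes no claim about older releases.

```python
"""Report whether the installed JRE is the release this article names as affected.

Added example; `java -version` output is parsed from constructed samples below
and, when run directly, from the local machine.
"""
import re
import subprocess

# The release the article names as vulnerable: Java 7 Update 6, printed as "1.7.0_06".
AFFECTED = (7, 6)

# Matches 'java version "1.7.0_06"' and newer 'openjdk version "11.0.2"' styles.
VERSION_RE = re.compile(r'(?:java|openjdk) version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_java_version(output: str):
    """Return (family, update), e.g. "1.7.0_06" -> (7, 6); None if no version line."""
    m = VERSION_RE.search(output)
    if not m:
        return None
    major, minor, _patch, update = m.groups()
    # Pre-9 releases are written 1.<family>.0_<update>; 9+ lead with the family number.
    family = int(minor) if int(major) == 1 else int(major)
    return family, int(update or 0)


def classify(output: str) -> str:
    """Human-readable verdict for a `java -version` transcript."""
    v = parse_java_version(output)
    if v is None:
        return "java not found"
    if v == AFFECTED:
        return "affected: Java 7 Update 6 (disable or uninstall until a patch is available)"
    return "version %d update %d: not the release named in the article; check the vendor advisory" % v


def installed_java_version_text() -> str:
    """Run `java -version` (it prints to stderr); return "" if java is absent."""
    try:
        r = subprocess.run(["java", "-version"], capture_output=True, text=True, timeout=10)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return ""
    return r.stderr + r.stdout


# Constructed sample transcripts, not captured from a real machine.
SAMPLE_7U6 = 'java version "1.7.0_06"\nJava(TM) SE Runtime Environment (build 1.7.0_06-b24)\n'
SAMPLE_6U33 = 'java version "1.6.0_33"\n'

if __name__ == "__main__":
    print(classify(installed_java_version_text()))
```

Checking the JRE version only tells you whether the runtime is present; the browser plugin is the exposure that matters for a drive-by applet, so disabling the Java plugin in each browser is the mitigation the article points at, with uninstalling the JRE as the more thorough option.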

Topics: Security, Oracle, China, Singapore

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.


Talkback

1 comment
  • tsk

    You might as well recommend that everyone uninstall Java and Flash, and then use a proxy to render the webpage so that the remote server gets compromised instead of your own. Pssht, yeah right.
    Vapur9