Researchers discover new Java vulnerability

by CBR Staff Writer | 11 January 2013

Could allow a remote, unauthenticated attacker to execute arbitrary code.

Security researchers have discovered a new vulnerability in the latest Java version, Java 7 Update 10, and in earlier versions of the software, which could give attackers access to users' computers.

The US Computer Emergency Readiness Team (US-CERT) confirmed that Java 7 Update 10 and earlier versions contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

According to US-CERT, the vulnerability is reportedly already being attacked in the wild (meaning cyber criminals could target unpatched systems) and has been incorporated into exploit kits. Exploit code for the vulnerability is also publicly available.

US-CERT said it is currently unaware of a practical solution to this problem, although starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet.

It was 'Kafeine', a blogger, who brought the flaw to the notice of US-CERT.

AlienVault Labs manager Jaime Blasco said his company was able to reproduce an attack with the exploit against a fully patched Java platform.

Blasco said: "The Java file is highly obfuscated but based on the quick analysis we did the exploit is probably bypassing certain security checks tricking the permissions of certain Java classes."

In December 2011, researchers at M86 warned that exploits for a Java vulnerability were already available in the wild.
