Dangerous vulnerability in latest Java version
The latest Java version, Java 7 Update 10, contains a critical security vulnerability which is reportedly already being used for large-scale cyberattacks. Users who have Java installed on their computers should deactivate the Java plugin in their browsers without delay.
A malware researcher calling himself kafeine has discovered an online exploit which makes use of a previously unknown Java vulnerability. Security experts at AlienVault have analysed the exploit and confirmed the significance of the find. They were able to use it to inject code onto a fully patched Windows system running Java 7 Update 10. It is currently unclear whether the vulnerability is also present in Java 6, though the exploit did not work in initial tests on Java 6 carried out by kafeine.
The vulnerability is, however, already being exploited by cybercriminals to distribute malware. Security blogger Brian Krebs says that attack modules for the Black Hole and Nuclear Pack exploit kits are already available. According to Krebs, a Black Hole developer calling himself "Paunch", posting on underground forums yesterday (Wednesday), heralded the zero-day exploit as a New Year's gift for his paying customers.