Have you deactivated Java yet? What? You haven’t? C’mon, do it already!
Or at the very least have your security settings for Java on ‘High’.
Because it seem like just lately you can’t go a week without another problem being detected with Java. Just a few days after two new vulnerabilities were discovered and we have another Java 0-day. This one – CVE-2013-1493 – has been discovered by FireEye:
“Through our Malware Protection Cloud (MPC), we detected a brand new Java zero-day vulnerability that was used to attack multiple customers. Specifically, we observed successful exploitation against browsers that have Java v1.6 Update 41 and Java v1.7 Update 15 installed.”
After successful exploitation of the vulnerability a piece of malware known as McRat will be installed (see more details on VirusTotal).
“Upon successful exploitation, it will download a McRAT executable (MD5:b6c8ede9e2153f2a1e650dfa05b59b99 as svchost.jpg) from same server hosting the JAR file and then execute it.”
Are you still using Java or have you ditched it completely due to all the security concerns?