Another Day Another Java 0-Day

Have you deactivated Java yet? What? You haven’t? C’mon, do it already!

Or at the very least have your security settings for Java on ‘High’.

Because it seems like lately you can’t go a week without another problem being detected with Java. Just a few days after two new vulnerabilities were discovered, we have another Java 0-day. This one – CVE-2013-1493 – has been discovered by FireEye:

“Through our Malware Protection Cloud (MPC), we detected a brand new Java zero-day vulnerability that was used to attack multiple customers. Specifically, we observed successful exploitation against browsers that have Java v1.6 Update 41 and Java v1.7 Update 15 installed.”
FireEye

After successful exploitation of the vulnerability, a piece of malware known as McRAT will be installed (see more details on VirusTotal).

“Upon successful exploitation, it will download a McRAT executable (MD5:b6c8ede9e2153f2a1e650dfa05b59b99 as svchost.jpg) from same server hosting the JAR file and then execute it.”
FireEye
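
For defenders, the detail in that quote (a Windows executable saved with a `.jpg` name) can be checked for on disk. The following is an added example, not code from FireEye or from this post: it walks a directory and flags files that have an image extension but a PE header, or whose MD5 matches the hash quoted above. The extension list, the function names and the `FAKE_PE` sample bytes are assumptions made for illustration.

```python
import hashlib
import os

# MD5 of the McRAT executable, as quoted from FireEye in the post.
MCRAT_MD5 = "b6c8ede9e2153f2a1e650dfa05b59b99"
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}  # assumed list to check

# Constructed sample: a minimal MZ/PE header stub, not a working program.
FAKE_PE = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0" + b"\0" * 16


def is_pe(head: bytes) -> bool:
    """True if head starts like a Windows PE file: an MZ stub whose
    e_lfanew field (offset 0x3C) points at a PE signature inside head."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    pe_off = int.from_bytes(head[0x3C:0x40], "little")
    return head[pe_off:pe_off + 4] == b"PE\0\0"


def scan(root, known_md5=frozenset({MCRAT_MD5})):
    """Walk root and return sorted [(path, [reasons])] for suspicious files."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(4096)
                    digest = hashlib.md5(head)
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)  # hash in chunks, not all in memory
            except OSError:
                continue  # unreadable or locked file
            reasons = []
            ext = os.path.splitext(name)[1].lower()
            if ext in IMAGE_EXTS and is_pe(head):
                reasons.append("PE executable with image extension")
            if digest.hexdigest() in known_md5:
                reasons.append("MD5 matches known sample")
            if reasons:
                findings.append((path, reasons))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for path, reasons in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path, "; ".join(reasons))
```

The extension check still fires if the payload is rebuilt and its hash changes, which is why it is kept separate from the MD5 match.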

Are you still using Java or have you ditched it completely due to all the security concerns?

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
