According to a post on FireEye’s blog, a new zero-day exploit is targeting the latest version of Java.
Researcher Atif Mushtaq says,
“New Java zero-day vulnerability has been spotted in the wild. We have seen this unpatched exploit being used in limited targeted attacks. Most of the recent Java run-time environments, i.e., JRE 1.7x, are vulnerable. In my lab environment, I was able to successfully exploit my test machine against the latest version of Firefox with JRE version 1.7 update 6 installed.”
He also pointed out that the initial exploit was discovered on a server in China which, at the time of writing, was still fully functional, and that this same server has been responsible for serving malware in the past.
FireEye continue to investigate and more details should be forthcoming in the near future –
“It’s just a matter of time that a POC will be released and other bad guys will get hold of this exploit as well. It will be interesting to see when Oracle plans for a patch, until then most of the Java users are at the mercy of this exploit. Our investigation is not over yet; more details will be shared on a periodic basis.”
Until then it is advisable to assess how essential Java is to your operation. If it is not absolutely critical (and for most home users it isn’t) then it is worth uninstalling it, at least temporarily, or at the very least disabling the Java plugin in your browser, since the exploit is delivered through a web page. Otherwise watch for a patch and apply it as soon as it becomes available.
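A quick way to find out whether a machine is in the exposed population is to check which JRE, if any, is on the PATH and whether it is a 1.7.x build. The script below is an added example, not code from FireEye or the original post. It assumes only that `java -version` prints its first line in the standard `java version "1.7.0_06"` form (OpenJDK prints `openjdk version "..."`, which the same pattern handles), and it treats every 1.7.x build as exposed because, per the post, no patch exists yet. The sample output used in the comments is constructed.

```shell
#!/bin/sh
# Extract the version string (e.g. 1.7.0_06) from the output of `java -version`.
# The first line looks like:   java version "1.7.0_06"
# (constructed sample; OpenJDK prints "openjdk version ..." instead).
jre_version_from_output() {
    printf '%s\n' "$1" | sed -n 's/^[a-z]* version "\([^"]*\)".*/\1/p' | head -n 1
}

# Return 0 (true) when the version belongs to the JRE 1.7.x family, which is
# the range the FireEye post reports as exploitable with no fix available.
# Any other version (1.6.x, empty string) returns 1.
jre_at_risk() {
    case "$1" in
        1.7.*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Inspect the JRE on PATH. Prints a verdict and returns 0 when a 1.7.x JRE is
# present, 1 otherwise (including when no java binary is installed at all).
check_local_jre() {
    if ! command -v java >/dev/null 2>&1; then
        echo "no java on PATH: nothing to uninstall or disable"
        return 1
    fi
    out=$(java -version 2>&1)
    ver=$(jre_version_from_output "$out")
    if jre_at_risk "$ver"; then
        echo "JRE $ver found: 1.7.x, exposed until Oracle ships a fix"
        return 0
    fi
    echo "JRE ${ver:-unknown} found: not in the reported 1.7.x range"
    return 1
}
```

Run `check_local_jre` on each host; a return code of 0 marks a machine that should have Java removed or the browser plugin disabled until a patch ships. Note that this only finds the JRE on the PATH, so a browser plugin pointing at a separately installed JRE still needs a look at the browser's own plugin list.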