Disable Java Browser Plugin, New 0-Day Vulnerability Under Attack

Zero-day Java ExploitIt’s starting to feel as if another day means another Java exploit will be found.

FireEye researchers are sounding the alarm after detecting a new Java zero-day vulnerability (CVE-2013-1493) that cybercriminals are actively exploiting in-the-wild.

The security flaw, which FireEye says was used to “attack multiple customers,” can be successfully exploited in browsers with Java 6 Update 41 and Java 7 Update 15 plugins installed.

FireEye researchers offered insight as to how the exploit works:

Not like other popular Java vulnerabilities in which security manager can be disabled easily, this vulnerability leads to arbitrary memory read and write in JVM process.

After triggering the vulnerability, exploit is looking for the memory which holds JVM internal data structure like if security manager is enabled or not, and then overwrites the chunk of memory as zero.

Upon successful exploitation, it will download a McRAT executable (disguised as a file called svchost.jpg) from same server hosting the JAR file and then execute it.

One relatively good thing to note is that FireEye researchers did say that the exploit is not very reliable given the fact that it tries to overwrite a big chunk of memory, and although the payload is downloaded, it fails to execute and the JVM crashes.

In the event that the attack goes smoothly, McRAT malware (detected by Microsoft as Backdoor:Win32/Mdmbot.F) will be planted on the compromised system.

Keeping Your System Safe

FireEye notified Oracle of this new vulnerability, but advises customers to take one of the following courses of action until a patch is released:

  • Disable the Java plugin in your web browsers, or;
  • Set Java security settings to “High” and do not execute any untrusted Java applets.

Aside from that, it is also recommended that users always run antivirus software on their computers and keep the virus definitions current given that 27/46 antivirus programs are capable of detecting the threat associated with this attack.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

This entry was posted in Computer Security, malware, technology and tagged , , , , , .
Follow any comments here with the RSS feed for this post. Trackbacks are closed, but you can post a comment.

© 2014 Hyphenet, Inc.
1761 Hotel Circle S, Suite 350, San Diego, CA 92108

All rights reserved. Reproduction in whole or in part in any form or medium without express written permission is prohibited.

Hyphenet IT Security Blog located at 1761 Hotel Circle South, Suite 350 , San Diego, CA . Reviewed by 91 customers rated: 3.8 / 5