
Another Java Zero-Day Vulnerability Spotted In The Wild




So, you thought you were out of the woods with Java? Bad news. You aren't. Another Java zero-day vulnerability has been found in the wild by FireEye.

This time, Java v1.6 and Java v1.7 Update 15 running in browsers are being targeted. The previously unknown and unpatched vulnerability is being exploited through the browser to install a remote-access trojan named McRat.

McRat is a Windows trojan, so Windows users are exposed to this attack. It is not clear whether Mac and Linux users are at risk as well.

According to FireEye researchers:

We have notified Oracle and will continue to work with Oracle on this in-the-wild discovery. Since this exploit affects the latest Java 6u41 and Java 7u15 versions, we urge users to disable Java in your browser until a patch has been released; alternatively, set your Java security settings to 'High' and do not execute any unknown Java applets outside of your organization.

If you are a Windows user and fear such an attack, we suggest uninstalling Java because, as yet, there is no fix for this problem.

The next security updates are scheduled for 16th April, but Oracle will be forced to push an emergency update in light of current events.

Cheers!

About the Author:
This article has been written by Dr. Sindhia Javed Junejo. She is one of the core members of the RHA team.


2 comments :

Mehul Mohan on March 5, 2013 at 5:10 AM said...

Okay!

Samad Khan on March 5, 2013 at 6:01 AM said...

Lolz wat hpn to java... Everytime I check security blogs.. Java n highlight for patching exploits or vulnerable bugs...
