Another Java Zero-Day Vulnerability Spotted In The Wild
So, you thought you were out of the woods with Java? Bad news. You aren't. Another Java zero-day vulnerability has been found in the wild by FireEye.
Java v1.6 and Java v1.7 Update 15 on browsers are being targeted this time around. The previously unknown and unpatched vulnerability exploits browsers to install a remote-access trojan named McRat.
McRat is a Windows Trojan therefore Windows users are prone to such an attack. It is not clear whether Mac and Linux users are at risk as well.
According to FireEye researchers;
We have notified Oracle and will continue to work with Oracle on this in-the-wild discovery. Since this exploit affects the latest Java 6u41 and Java 7u15 versions, we urge users to disable Java in your browser until a patch has been released; alternatively, set your Java security settings to 'High' and do not execute any unknown Java applets outside of your organization.
If you are a Windows user and fear such an attack, we would suggest an uninstallation of Java because, as yet, there are no solutions to this problem.
The next security updates are scheduled for 16th April but Oracle will be forced to push an Emergency update in the light of current events.
About the Author:
This article has been written by Dr. Sindhia Javed Junejo. She is one of the core members of RHA team.