Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Zero day Java exploit in wild. "Unpatched Java exploit spreads like wildfire"


  • Please log in to reply
9 replies to this topic

#1 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:06:29 AM

Posted 28 August 2012 - 09:13 AM

New zero day vulnerability in Java.

Article by Sophos.
http://nakedsecurity.sophos.com/2012/08/28/unpatched-java-exploit-spreads-like-wildfire/?utm_source=Naked+Security+-+Sophos+List&utm_medium=email&utm_campaign=080ad38316-naked%252Bsecurity

Within days of its discovery it appears that a new zero day flaw in Java could soon be in widespread use.

FireEye first reported on the flaw being used in a targeted attack originating from a Chinese web server. The web page hosting the exploit is timestamped August 22nd, 2012.

The flaw affects all versions of Oracle's Java 7 (version 1.7) on all supported platforms. Java 6 and earlier are unaffected. No patch is available at this time.


Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


BC AdBot (Login to Remove)

 


#2 Layback Bear

Layback Bear

  • Members
  • 1,880 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ohio
  • Local time:01:29 AM

Posted 28 August 2012 - 12:05 PM

Thank you for keeping a watch for these types of things and informing us.

#3 n2fc

n2fc

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:02:29 AM

Posted 30 August 2012 - 07:42 PM

Great article below contains suggestions on how to deal with this issue:

https://www.infoworld.com/d/security/6-ways-protect-against-the-new-actively-exploited-java-vulnerability-201174?source=IFWNLE_nlt_sec_2012-08-30

Simplest way is to UNINSTALL JAVA 7 and replace it with JAVA 6 (latest update for JAVA 6 is 34).

#4 pollyparrot

pollyparrot

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:UK
  • Local time:06:29 AM

Posted 31 August 2012 - 06:41 AM

Patch released

http://www.oracle.com/technetwork/java/javase/downloads/index.html

Hope its ok to post it
"Only two things are infinite:The Universe and human stupidity. And I am not so sure about the former."-Einstein

#5 n2fc

n2fc

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:02:29 AM

Posted 31 August 2012 - 04:41 PM

Patch released

http://www.oracle.com/technetwork/java/javase/downloads/index.html

... thereby turning 0-day into 5-day!

Installed & hope it fixes this issue!

Thanks for the heads up!

#6 Winterland

Winterland

  • Members
  • 980 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Land of Enchantment
  • Local time:12:29 AM

Posted 01 September 2012 - 04:48 AM

All, thanks for the information and the links, esp. from the OP (dev00790).


There are a bunch of good reasons to be here at BC and this is just one more.


Cheers,

Winterland

Photobucket removed my cool flag - idiots!

 

Every calculation based on experience elsewhere fails in New Mexico.


#7 Pajajn

Pajajn

  • Members
  • 357 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:01:29 AM

Posted 01 September 2012 - 06:18 PM

Why does school's and such bleep force everyone using Java when viruses and bleep spreads like "wildfire" ;) i can't just believe how retarded they are.

1. In a universary school / adult school there is alooot of people using their passwords and such daily = one major thing?
2. Java , PDF, old microsoft word copies etc makes it kinda easy to exploit..

I never install such crap on my home computer and im on every site friends and "foo'es" linking to me and never get's infected by drive-by stuff and such bullbleep.

My dad gets oftenly though ^^

#8 whoabuddy

whoabuddy

    Bleepin' Verbose


  • Malware Response Instructor
  • 2,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cottonwood, AZ
  • Local time:10:29 PM

Posted 03 September 2012 - 11:59 AM

@Dev - Thanks for posting this, I had a user send me the US-CERT warning and it sounded pretty ominous, glad to see it's resolved already! :clapping:

@n2fc - This just goes to show why you should have "click-to-run" enabled in your browser, I did not realize this feature was available in Firefox, I am enabling it now!

FYI for those who didn't read the article n2fc put up, Chrome supports Click-to-Play in the advanced settings, and Firefox 14+ supports it as an advanced feature in about:config. Change "plugins.click_to_play flag" to "true" to enable the feature.
Meditate. Elevate. Appreciate. | "Life is a journey, love is the destination, happiness is the path!"
If I am helping you and have not responded within 48 hours, please send me a PM.
Vi Veri Universum Vivus Vici (VVVVV)
Excellent Security Advice
Proud member of UNITE

#9 n2fc

n2fc

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:02:29 AM

Posted 04 September 2012 - 06:41 AM

Here we go again: Critical flaw found in just-patched Java

Emergency fix rushed out half-baked


http://www.theregister.co.uk/2012/08/31/critical_flaw_found_in_patched_java/

#10 whoabuddy

whoabuddy

    Bleepin' Verbose


  • Malware Response Instructor
  • 2,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cottonwood, AZ
  • Local time:10:29 PM

Posted 04 September 2012 - 11:22 AM

Here we go again: Critical flaw found in just-patched Java

Emergency fix rushed out half-baked


http://www.theregister.co.uk/2012/08/31/critical_flaw_found_in_patched_java/

I am hoping that although the news sites feel that Oracle will not release a patch, the fact that this exploit can affect ANY version of their product will push the release of any patches as they are created! According to Sophos, "Oracle officially fixed four CVEs, presumably covering five vulnerabilities." IMHO that's not bad for a company that usually does not release out-of-cycle patches.

The question is: how does that patch work against the new campaign mimicking the recent Microsoft terms of service e-mail?

I tried out the click-to-play options in Firefox and Chrome, and I think it's a way better experience, my tablet always did this and I am happy to have it in my browser. I was looking for a way to replicate the experience in IE9, but I have not had a chance to test it yet, I am hoping you can do the same with Java as Adobe Flash in that article.

Interested to see how this develops!
Meditate. Elevate. Appreciate. | "Life is a journey, love is the destination, happiness is the path!"
If I am helping you and have not responded within 48 hours, please send me a PM.
Vi Veri Universum Vivus Vici (VVVVV)
Excellent Security Advice
Proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users