Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Java is still exploitable and is likely going to remain so.

Published: 2013-01-10
Last Updated: 2013-01-10 15:40:42 UTC
by Johannes Ullrich (Version: 1)
4 comment(s)

We haven't had an unpatched Java vulnerability in a while (a month?). To make up for this lack of Java exploitability, the creators of the Blackhole and Nuclear exploit pack included an exploit for a new, unpatched, Java vulnerability in their latest release [1]. The exploit has been seen on various compromissed sites serving up the exploit kit. The latest version of Java 7 is vulnerable [2].

Leave Java disabled (I am not going to recommend to disable it. If you still have it enabled, you probably have an urgent business need for it and can't disable it)

If you have any business critical applications that require Java: try to find a replacement. I don't think this will be the last flaw, and the focus on Java from people behind exploit kits like blackhole is likely going to lead to additional exploits down the road.

[1] https://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/
[2] http://malware.dontneedcoffee.com

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: java
4 comment(s)
Diary Archives