Yet another zero-day vulnerability in Java has reared its ugly head, and according to security researchers, early indications suggest it is already being 'widely exploited' by malicious sites.
A researcher going by the name @kafeine first spotted the exploit in action and noted it's being used by a number of sites to silently install malware in drive-by download attacks. According to reports, one particular group is even using the exploit to install ransomware on affected PCs.
Kafeine notified security firm AlienVault labs, which has independently verified that the exploit exists. What's more, it's already been added to a number of exploit toolkits such as Blackhole and Nuclear Pack, making it easy for criminals to deploy. The exploit is specific to Java 7 and there is no fix for it at the moment, although Oracle says it's working on it. There’s still no word on how long it's going to take.
Right now the only way to protect your machine against this exploit is disabling the Java browser plugin. Others, including US-CERT (United States Computer Emergency Readiness Team) have given the same advice, or recommended the more drastic measure of uninstalling Java entirely.
{[['
']]}
']]}
0 comments :
Post a Comment