After a massive Java 0-day vulnerability surfaced in August 2012, Oracle released an out-of-cycle update to combat the exploit. However, we advised our readers to simply disable Java on their web browsers to avoid the threat. Java has now become a highly vulnerable program that causes more trouble than it is worth and this is highlighted by the fact that yet another 0-day Java vulnerability has surfaced.
Apparently, this latest exploit was put up for sale on an anonymous underground forum, where the seller invited bids and claimed that the kit would only be sold twice. The reason is believed to be that with only 2 buyers, it will take longer for the code to be detected by security software vendors. However, one of the potential buyers leaked this information, and this has the computing world racing to disable Java as soon as possible. The exploit kit allows an attacker to plant malicious Java applets in websites. These applets then invade machines as drive-by downloads when an unsuspecting victim visits a compromised website.
A series of Java security holes
This news follows close behind reports that Oracle released a new security patch (Java 7 Update 11) a couple of days ago. This patch was designed to fix a security flaw (CVE-2013-0422) that was being exploited by Blackhole and Nuclear Pack, 2 crimeware products that compete against each other. Blackhole recently informed its users that it had an undiscovered Java security hole, which it would offer as a New Year’s present for its customers. Nuclear Pack soon made the same announcement, and this prompted immediate action from Oracle to patch Java.
In the midst of all this, we recommend that you completely disable Java in the web browser that you use. Malware writers are creating threats against Java with alarming regularity, so you should only enable this program if it is absolutely essential. You can learn how to disable Java on various browsers through this post.
Quick Heal 2013 provides the Browser Sandbox feature that actively blocks 0-day threats. However, it is still recommended to disable Java completely to avoid such threats now and in the future.