FireEye's Malware Intelligence Lab is making the claim that there is a new zero day vulnerability in the wild that affects the latest version of Java.Researcher. Atif Mushtaq wrote on the company's blog that he spotted the initial exploit on a domain that pointed to an IP address in China.
The vulnerability allows computers to be infected by simply visiting a specially crafted web page, and the malware served in the current attacks contacts a C&C server in Singapore. Researchers from heise Security have also created a PoC page using information that is publicly available.
A separate post published on Monday by researchers Andre M. DiMino and Mila Parkour said the number of attacks, which appear to install the Poison Ivy Remote Access Trojan, were low. But they went on to note that the typical delay in issuing Java patches, combined with the circulation of exploit code, meant it was only a matter of time until the vulnerability is exploited more widely by other attackers.
Developers at vulnerability management company Rapid7, which owns the Metasploit Project, on Sunday added the exploit to their penetration testing framework. And the exploit is expected to show up if it hasn't already in the widely used BlackHole exploit toolkit, one of the most popular threats on the web.
"This vulnerability is not a 'memory corruption' type vulnerability, but instead seems to be a security bypass issue that allows running untrusted code outside the sandbox without user interaction," Eiram said. "In this specific case a file is downloaded and executed on the user's system when just visiting a web page hosting a malicious applet."
It's not clear when Oracle will release a patch for this vulnerability. The company did not immediately respond to a request for comment. Some security experts are prepping an unofficial patch for the program that should blunt this vulnerability.
However, uninstalling or disabling Java is probably not an acceptable solution for a large number of companies and users that rely on Java-based Web applications to conduct their daily business.
Daily Updates or our RSS feed to kick off your day with the latest hacking and Security news and tips, or share the article with your friends and contacts on Facebook, Twitter or Google+