The Hacker News Logo
Subscribe to Newsletter

Another Java zero-day vulnerability being exploited in the wild

Do you still have Java installed? There is a bad news for you ! FireEye has detected yet another Java zero-day vulnerability being exploited in attacks in the wild.



The vulnerability targets browsers that have the latest version of the Java plugin installed Java v1.6 Update 41 and Java v1.7 Update 15 and FireEye warned that the vulnerability is being exploited to install a remote-access trojan dubbed McRat, researchers from security firm.

"Not like other popular Java vulnerabilities in which security manager can be disabled easily, this vulnerability leads to arbitrary memory read and write in JVM process,"

"After triggering the vulnerability, exploit is looking for the memory which holds JVM internal data structure like if security manager is enabled or not, and then overwrites the chunk of memory as zero."

The exploit is reportedly different from the one used to attack Facebook, Twitter, Apple, and several other companies last month.

It is not known if this particular Java vulnerability is on Windows only or on Linux and Mac OS X, too. However, McRat is a Windows Trojan so the in-the-wild attacks are specifically targeting Windows users.

If you don't want any chance of being infected, the best thing to do is uninstall Java altogether.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.