The FireEye Malware Intelligence Lab yesterday reported the discovery of a zero-day exploit targeting the latest version of Java 7.
Atif Mushtaq, a researcher at the security vendor, briefly explained on the company blog that the exploit was hosted on a domain with a Chinese IP address; as ZDNet reports, the server has been known for launching other types of malware in the past. According to ComputerWorld, the malware in this case is a cousin of Poison Ivy, a "remote administration Trojan" that connects to a command and control server in Singapore.
On his blog, Brian Krebs cites reports that the exploit works against all versions of Internet Explorer and Firefox but not against Chrome. However, Rapid7 says there is a Metasploit module in the works that will exploit the vulnerability on Chrome for Windows XP and possibly other operating systems.
Krebs also mentioned a report that said this exploit will soon be included in the BlackHole exploit kit, a popular tool among hackers.
Oracle updates Java on a quarterly basis and the next bug fix isn't expected to come until as late as October. In the meantime, DeepEnd Research has prepared a blog post that explains everything you need to know about the vulnerability and how to mitigate the risks of using Java.
Java expert Michael Schierl, the man responsible for pointing out several security issues with Java, provided DeepEnd with a report on the particulars and an unofficial patch that will be distributed on a per-request basis.
Krebs suggests that users who use Java for one particular website or program disable the browser plugin on their primary browser and use an alternate browser with Java enabled when accessing programs or sites that require it. If you don't need Java, ditch it for now, Krebs advises.
Users can fall victim to Java security exploits by not updating virus protection software in a timely fashion or by using outdated versions of the software, but in this case the latest version, as is, can be exploited. Java users could become infected by clicking on malicious links or visiting malicious Web pages.
Thus far, the vulnerability has been used on a small scale in targeted attacks, but the quick spread of the proof-of-concept and inclusion in a popular tool kit means that the ability to exploit this security weakness is quickly making its way into the hands of those who wish to make mischief or cause harm.