In association with heise online

28 March 2012, 14:55

Critical Java hole being exploited on a large scale - Update

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Java logo Criminals are increasingly exploiting a critical hole in the Java Runtime Environment (JRE) to infect computers with malicious code when users visit a specially crafted web page. According to well-known security blogger Brian Krebs, the reason for this increased activity is that the arsenal of the BlackHole exploit kit has been extended to include a suitable exploit.

The hole that was patched by Oracle in mid-February allows malicious code to breach the Java sandbox and permanently anchor itself in a system. Varying types of malware have been injected; for example, it is believed that the hole has been exploited to deploy the ZeuS trojan.

According to an analysis by Microsoft, the dropper is distributed across two Java classes. The first class exploits the vulnerability to elevate its privileges when processing arrays, and then executes a loader class that will download and install the payload.

Users can protect themselves by installing or updating to one of the current Java releases: Java SE 6 Update 31 or version 7 Update 3. To see which version of the browser plug-in is installed, if any, users can visit the Verify Java Version test page.

However, not even those who use the most current version of Java can feel entirely safe as Krebs says that rumours of a new exploit that uses an unpatched (zero day) critical Java hole are circulating on underground forums. To be on the safe side, users can completely uninstall Java or at least disable the browser plug-in. As the use of Java continues to be on the decline, this will likely have little or no effect on most web sites.

Update 29-03-12: The most recent Java updates for Mac OS X 10.7 Snow Leopard and 10.7 Lion are from November 2011. As these are based on Java SE 6 Update 29, Mac users may not be protected against the critical hole being exploited by criminals.

Zoom Mac users can find the Java Preferences app under Utilities in the Applications folder
Until an update is released that addresses the vulnerability, Mac OS X users can turn off Java. Users can disable Java via Java Preferences (Applications > Utilities > Java Preferences) by unchecking the installed version. Alternatively, users can disable Java in each of their browsers; in Apple's Safari browser, this can be done by unchecking the "Enable Java" checkbox under the Security tab in Safari's Preferences.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit