Java Zero Day Exploit Leveraged In Targeted Attack Campaign: Symantec [UPDATED]

You might recall that I have talked about a serious Java exploit that currently has no fix. According to Symantec, the news just got worse. Here’s a quote from an e-mail that Symantec sent me:

In October 2011, Symantec published a paper [Warning: PDF] on The Nitro Attacks targeting chemical companies. These targeted attacks were in the form of an email with a malicious attachment ultimately leading to victims being infected with ‘Poison Ivy’. No vulnerabilities were exploited in these attacks. The recent attacks by this group are more sophisticated, using a Java zero-day vulnerability to infect victims but using the same IP address for the command and control server that was used in 2011.

Well, that’s just delightful. The full details can be found here. But it shows that Oracle needs to step up to the plate and fix this exploit. Until that happens, either downgrade to Java 1.6 (if you must have Java) or disable it entirely.

UPDATE: Apparently there is an update from Oracle that addresses this issue. Check their download page here. It would have been nice if Oracle had said something about this, as apparently these have been out since Thursday. Sure, they put out something on their blog. But given how serious this was, you’d think they’d make a bit more noise. In any case, download those updates and protect yourself.
