--
Therefore, recite our mantra and:
JUST TURN JAVA OFF!
I'm getting all emphatic about it, with caps and bold characters and added exclamation mark.
My advice:
Give up on Java.
Uninstall Java.
Have a happier day.
Today's gory details:
Better idea:
Ignore Java's proven-to-be-worthless security settings and:
JUST TURN JAVA OFF!
Through our Malware Protection Cloud (MPC), we detected a brand new Java zero-day vulnerability that was used to attack multiple customers. Specifically, we observed successful exploitation against browsers that have Java v1.6 Update 41 and Java v1.7 Update 15 installed.
Not like other popular Java vulnerabilities in which security manager can be disabled easily, this vulnerability leads to arbitrary memory read and write in JVM process. After triggering the vulnerability, exploit is looking for the memory which holds JVM internal data structure like if security manager is enabled or not, and then overwrites the chunk of memory as zero. Upon successful exploitation, it will download a McRAT executable (MD5: b6c8ede9e2153f2a1e650dfa05b59b99 as svchost.jpg) from same server hosting the JAR file and then execute it.
The exploit is not very reliable, as it tries to overwrite a big chunk of memory. As a result, in most cases, upon exploitation, we can still see the payload downloading, but it fails to execute and yields a JVM crash. When the McRAT successfully installs in the compromised endpoint as an EXE (MD5: 4d519bf53a8217adc4c15d15f0815993), it generates the following HTTP command and control traffic:
. . .
Update: Oracle assigned CVE-2013-1493 on this vulnerability.
And now, we get to do the sit-and-wait-for-Oracle-to-catch-up so they can spew out another lame update with further security holes yet-to-be-discovered. IASSOTS, etc. :-P
--
No comments:
Post a Comment