Friday, January 11, 2013

New Java 7 Exploit In The Wild,
Coming Soon To A Mac Near You!

Just Turn Java OFF.

Oracle's Java 7, ALL versions (v1.7 update 10, aka 7u10, on down), has a newly discovered security hole that is being exploited in the wild on Linux, Windows and UNIX. That 'UNIX' exploit means malware will immediately be coming to Mac.

Surprised? Not me!

CVE-2013-0422 describes the security hole as:

Unspecified vulnerability in Oracle Java 7 Update 10 and earlier allows remote attackers to execute arbitrary code via unknown vectors, possibly related to "permissions of certain Java classes," as exploited in the wild in January 2013, and as demonstrated by Blackhole and Nuclear Pack.

SecurityTracker provides further details:

A remote user can create specially crafted Java content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
This vulnerability is being actively exploited.
Several exploit kits include an exploit for this vulnerability....
No solution was available at the time of this entry.

The source report about in-the-wild exploit malware can be found here:

Quoting the article:

Hundreds of thousands of hits daily where I found it. This could be a mayhem. I think it's better to make some noise about it.

I'll post when the 'mayhem' hits the Mac community, which will likely be any minute now...

