Another Java Zero-day vulnerability being exploited in the wild

Do you still have Java installed? There is a bad news for you ! FireEye has detected yet another Java zero-day vulnerability being exploited in attacks in the wild.

The vulnerability targets browsers that have the latest version of the Java plugin installed Java v1.6 Update 41 and Java v1.7 Update 15 and FireEye warned that the vulnerability is being exploited to install a remote-access trojan dubbed McRat, researchers from security firm.

"Not like other popular Java vulnerabilities in which security manager can be disabled easily, this vulnerability leads to arbitrary memory read and write in JVM process,"

"After triggering the vulnerability, exploit is looking for the memory which holds JVM internal data structure like if security manager is enabled or not, and then overwrites the chunk of memory as zero."

The exploit is reportedly different from the one used to attack Facebook, Twitter, Apple, and several other companies last month.

It is not known if this particular Java vulnerability is on Windows only or on Linux and Mac OS X, too. However, McRat is a Windows Trojan so the in-the-wild attacks are specifically targeting Windows users.

If you don't want any chance of being infected, the best thing to do is uninstall Java altogether.

Ping your blog, website, or RSS feed for Free

Do you have questions, comments, or suggestions? Feel free to post a comment! 

Get Regular Updates, Its FREE!

Share your views...

0 Respones to "Another Java Zero-day vulnerability being exploited in the wild"

Post a Comment


About Me

Saint Andrew is a computer science student. Saint Andrew is a founder of the blog Saint Andrew's Hacking Paradise.

His mission and the aim of this blog is to make the reader aware of the existing threats and describe them in comprehensible way.

"Saint Andrew's Hacking Paradise" is a place to Learn, Understand and Explore the facts of computer technology.

You are always welcome to contact us to suggest ideas, tips, or to ask questions.

© 2011 Saint Andrew's Hacking Paradise

This blog run on iThesis Theme & hosted by Blogger