Shailesh Shrivastava email: s.shrivastava@mobilenapps.com
Java is once again under security threat because of a recent zero-day exploit, and people out there, including the Department of Homeland Security, are shouting "Disable Java."
According to an advisory issued by the Department of Homeland Security, "a vulnerability in Java's Security Manager allows a Java applet to grant itself permission to execute arbitrary code. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate web site and upload a malicious Java applet (a 'drive-by download' attack)."
Any system using Oracle Java 7 (1.7, 1.7.0), including Java Platform Standard Edition 7, Java SE Development Kit and Java SE Runtime Environment, is vulnerable because of the bug.
Any Web browser using the Java 7 plug-in is affected. The Java Deployment Toolkit plug-in and Java Web Start can also be used as attack vectors. Reports indicate this vulnerability is being actively exploited and that exploit code is publicly available, the department added in the advisory.
Talking about the zero-day exploit, Kurt Baumgartner, a Kaspersky Lab expert, posted on his blog: "There appears to be multiple ad networks redirecting to Blackhole sites, amplifying the mass exploitation problem. We have seen ads from legitimate sites, especially in the UK, Brazil, and Russia, redirecting to domains hosting the current Blackhole implementation delivering the Java 0day. These sites include weather sites, news sites, and of course, adult sites."
Baumgartner also listed some of the files being delivered to vulnerable systems.
Stretch.jar, Edit.jar and UTTER-OFFEND.JAR are among the many files being delivered to victim systems by the attackers.
According to a report from Mercury News, Oracle will release a fix on Jan 15 which will contain 86 new security vulnerability fixes. Oracle, which manages Java software, also asked the users of Java to update the software as soon as the fix is released.
For now, as a precautionary measure, the Department of Homeland Security and other experts have recommended that users disable Java in their Web browsers.
If you are finding it difficult to disable Java in your browser, you can refer to this guide.
Apple has already, in a swift move, disabled the Java 7 plug-in on its computers.
Apple has achieved this by updating its "Xprotect.plist" blacklist to require a minimum of an as-yet unreleased 1.7.0_10-b19 version of Java 7. With the current publicly-available version of Java 7 being 1.7.0_10-b18, all systems running Java 7 are failing to pass the check initiated through the anti-malware system built into OS X, Mac Rumors reported.
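To show why 1.7.0_10-b18 fails a minimum of 1.7.0_10-b19, here is an added example of a minimum-version gate; it is not Apple's code and does not reproduce the Xprotect.plist format. The function names and the two sample versions marked as constructed are assumptions for illustration.

```python
import re
from typing import NamedTuple


class JavaVersion(NamedTuple):
    """Numeric fields of a Java 7 style version string, e.g. 1.7.0_10-b18."""
    major: int
    minor: int
    security: int
    update: int
    build: int


# Matches "1.7.0", "1.7.0_10" and "1.7.0_10-b18"; update and build are optional.
_PATTERN = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:_(\d+))?(?:-b(\d+))?$")


def parse_java_version(text: str) -> JavaVersion:
    m = _PATTERN.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised Java version string: {text!r}")
    # Missing update/build fields count as 0 so "1.7.0" sorts below "1.7.0_10".
    return JavaVersion(*(int(g) if g is not None else 0 for g in m.groups()))


def plugin_allowed(installed: str, minimum: str) -> bool:
    """Hypothetical gate: allow the plug-in only at or above the minimum."""
    required = parse_java_version(minimum)  # a bad policy value should raise
    try:
        return parse_java_version(installed) >= required
    except ValueError:
        return False  # fail closed on a version string we cannot parse


MINIMUM = "1.7.0_10-b19"  # minimum build named in the article

if __name__ == "__main__":
    samples = [
        "1.7.0_10-b18",  # public build named in the article
        "1.7.0_9-b05",   # constructed: older update; a plain string compare ranks it higher
        "1.7.0_11-b21",  # constructed: a later update
        "garbage",       # constructed: unparseable input
    ]
    for version in samples:
        verdict = "allowed" if plugin_allowed(version, MINIMUM) else "blocked"
        print(f"{version:>14}  {verdict}")
```

Comparing the fields as integers matters: as plain strings, "1.7.0_9-b05" sorts above "1.7.0_10-b19", which would let an older update through.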