Skip to main content

Security threat and protection of new Java 0-day vulnerability

Release Date: 29 Aug 2012 4833 Views

A new Oracle Java 0-day (No patches) vulnerability (CVE-2012-4681) was found to affect the Java 7 (1.7) update 0-6 version and the attack code for this vulnerability has been publicly. The attack mainly focused on Windows operating system with enabled a Java plug-in function in web browsers, including Internet Explorer, Firefox and Chrome etc. However, security experts confirmed that the exploit also applies to Linux and Mac operating systems. Therefore, this vulnerability poses a great security threat to the users.

 

[Updated on Aug 31, 2012]
1.Oracle has released an updated version ( Java 7 (1.7) update 7 version) to fix the vulnerability on Aug 30,2012
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html

 

Java vulnerability exploits

 

Security experts initially discovered the website was injected with malicious code to exploit this vulnerability on Sunday (August 26). If a user visits the compromised website, the malicious code downloads an applet program from website ok.<removed>4.net to exploit the Java vulnerability. Successful exploitation caused installation of a well-known malicious software - Poison Ivy. The malware connects to a botnet command and control server hello.<removed> .pk once started and receives remote control commands. In addition, the infamous “Blackhole Exploit Kit” confirmed to have included this exploit in the latest version.

 

 

How to check whether the computer is affected?

 

The 0-day vulnerability only affects Java 7 (1.7) update 0-6 version, the old version is not affected. To check whether installed Oracle Java software and the version is affected or not, you can use the following Java version verification tool.

http://www.java.com/en/download/installed.jsp

 

 

How to protect your computer?

 

Since the software vendor, Oracle has not yet released a patch or updated version of this vulnerability, we recommend the following measures to protect your computer:

  1. Disable the Oracle Java Plug-ins in web browsers
    • Apple Safari:
      • Click "Preferences", select the "Security" tab, uncheck "Enable Java".
    • Google Chrome:
      • Click the wrench icon in the upper right corner of the browser window, select "Settings".
      • In the search box, type "Plug-ins" and click "Content Settings" to open a window.
      • Click the "Disable individual plug-ins" link, find Java in the list, and click the disable link next to it.
    • Internet Explorer:
      • In the Windows Control panel, change the View setting to "Classic View" in (Windows XP and Windows Vista) Or "Large icons" in (Windows 7) .
      • Open the Java item, select the "Advanced" tab. On "Default Java for Browser", click "+" to expand the options。
      • Select "Microsoft Internet Explorer", and then press the "Space" in keyboard to uncheck the selection.
    • Mozilla Firefox::
      • From the "Tools" in main menu, select "Add-ons".
      • Click "Plug-ins", disable any plugins related to "Java" in the list.
      • Restart the browser.
  2. Do not open the website links from untrusted source.
  3. Install the security software and keep it updated.