New 0day exploit for Java. Now in Metasploit
As follows from the official Metasploit blog , the latest update of this product has in its arsenal an exploit for zero-day (0day) vulnerability for Java run-time environments (JRE).
Cross-platform exploit and was successfully tested on the following platforms:
')
UPD_2
The following products are reported to be vulnerable:
JDK and JRE 7 Update 6 and earlier
JDK and JRE 6 Update 34 and earlier
end of UPD_2
As you can guess, since this is 0day , there is currently no patch available. Java 7 update 7 fixes the vulnerability (thanks to Gregy for the tip-off ). Vulnerabilities have also not yet been assigned a CVE number. Vulnerabilities assigned to CVE-2012-4681
The first use of this exploit was first detected on ok.aa24.net
An exploit code was obtained from there. The exploit exploits an architectural vulnerability and, in theory, works on both 32 and 64-bit systems.
FireEye conducted a small exploration study found on the site already mentioned above.
As a temporary protection measure, Metasploit representatives suggest that youcompletely remove Java from the system (inaccurate translation. Thanks to tulskiy for the tip). Disable plugin.
If you don’t know if Java is in your system, you can find out using this service.
US-CERT recommends that Firefox users install the NoScript extension in the settings of which limit the list of sites on which to run java-code.
This year, similar vulnerabilities in Java are not found for the first time. Before this was:
UPD
Related Links:
Cross-platform exploit and was successfully tested on the following platforms:
- Windows 7 SP1 with Java 7 Update 6 installed
- Mozilla Firefox for Ubuntu Linux 10.04
- Internet Explorer / Mozilla Firefox / Chrome on Windows XP
- Internet Explorer / Mozilla Firefox on Windows Vista
- Internet Explorer / Mozilla Firefox on Windows 7
- Safar under OS X 10.7.4
')
UPD_2
The following products are reported to be vulnerable:
JDK and JRE 7 Update 6 and earlier
JDK and JRE 6 Update 34 and earlier
end of UPD_2
The first use of this exploit was first detected on ok.aa24.net
An exploit code was obtained from there. The exploit exploits an architectural vulnerability and, in theory, works on both 32 and 64-bit systems.
FireEye conducted a small exploration study found on the site already mentioned above.
As a temporary protection measure, Metasploit representatives suggest that you
- Disable Java plug-in for Safari web browser
- Disable plugins in Google Chrome
- How to properly disable Java runtime in Opera for Windows
- Disable plugins in firefox
If you don’t know if Java is in your system, you can find out using this service.
US-CERT recommends that Firefox users install the NoScript extension in the settings of which limit the list of sites on which to run java-code.
This year, similar vulnerabilities in Java are not found for the first time. Before this was:
- CVE-2012-0507 (this vulnerability was exploited by the sensational Carberp Trojan )
- CVE-2012-1723
UPD
Related Links:
- VulnDisco SA CANVAS exploit pack has a new java 0-day. It has been tested on Windows 7 with IE, Opera and Firefox. - VulnDisco released exploit pack with this exploit for Immunity CANVAS on August 10
- New Java 0day exploited in the wild - a more detailed analysis of the exploit installed on the previously mentioned site
- Vulnerability Note VU # 636312 — Vulnerability Tips and Recommendations from US-CERT
- Oracle Java 0day and another Myth of a Targeted Attack - another analytical analysis of the exhibit installed on the previously mentioned site (thanks to timukas for the link)
- Java 7 0-Day vulnerability information and mitigation. - Another analytical report regarding the exploit installed on the previously mentioned site.
Source: https://habr.com/ru/post/150331/
All Articles