Java Holes Bring Quick Exploits

Thursday, December 22, 2011 @ 11:12 AM gHale

It doesn’t take long as Java vulnerabilities are out in the wild and cyber criminals are jumping all over them looking to manipulate unpatched systems.

This all means authors are getting much faster at updating their exploit kits when new vulnerabilities are discovered, said researchers at security firm M86. While it used to take authors a month or more, some authors are now updating their kits before a patch ever releases.

Black Hole Kit Exploiting Java
Exploits Team on Java
Hackers Rejoice: Trouble Brewing with Java
HP: Hackers Can’t set Printers on Fire
FBI: Hackers Hit Cities Via SCADA

Although there is a patch out to fix the Java vulnerability any unpatched systems are still at risk, M86 said.

The Blackhole, Phoenix and Metasploit export kits are the ones that rush-released new versions to exploit the vulnerability, called CVE-2011-3544, which exploits the Rhino Javascript engine. An attacker can use the Rhino script to generate an error object, which can then give them full privileges. The attacker can then execute code with full permissions, M86 said.

“The vulnerability is cross-platform and doesn’t require heap spray or buffer overflow techniques,” said Daniel Chechik of M86. “That makes it very effective and therefore authors of exploit kits rushed to add it to their kits.”

“The concerning aspect is that the Blackhole exploit kit was updated even before a patch was released by the vendor,” he said. “We highly encourage users to keep their Java updated, or remove it if it is not needed. A patch for this Java vulnerability is available by now: Look for Java 6 Update 29, or Java 7 Update 1.”

Leave a Reply

You must be logged in to post a comment.