Monday, 3 September 2012

Java 7 vulnerability hits everyone: Windows, Mac and Linux, none spared


Java zero day flaw puts millions of Windows, Mac and Linux users at risk


Thousands of computer users - whether they favour Windows, Mac or Linux operating systems - are at risk from a newly discovered Java vulnerability for which there is currently no fix.
It appears the flaw allows the Blackhole exploit kit to target the Java system using a Pre.jar file that lets it install malware, in this case a banking Trojan, onto users' machines, through a variety of methods.
Security firm FireEye warned that criminals have already begun targeting the flaw using the Blackhole exploit kit. Some versions of the malware toolkit were updated to include the ability to exploit the vulnerability earlier this week, the company claimed.
"This morning we started getting the first indication of a large scale attack. So far we have observed over a dozen domains actively attacking systems with this exploit, and the count is increasing rapidly," read FireEye's blog.
"After seeing the reliability of this attack, I have no doubt in my mind that within hours the casualties will be in the thousands."
FireEye went on to criticise Oracle - which owns Java - for its lack of action regarding the flaw.
"It's very disappointing that Oracle hasn't come forward and announced a date for an emergency update patch," wrote FireEye's Atif Mushtaq.
At the time of publishing Oracle had not responded to V3's request for comment on the exploit or when a patch may be released.
The flaw was uncovered earlier in August and reportedly works on Windows, Linux and OSX operating systems, according to Errata Security.
"I have tested the following operating systems: Windows7, Ubuntu 12.04, OSX 10.8.1. I have tested the following browsers: Firefox 14.0.1 (Windows, Linux, OSX), IE 9, Safari 6. The same exploit worked on all of them," an Errata representative wrote on a company blog.
The Blackhole exploit kit is an automated attack kit available for sale in several online black markets. It allows cyber criminals without sophisticated IT skills to mount automated cyber campaigns.
Earlier in the year, Finnish security firm F-Secure listed the kit as one of the key cyber threats facing businesses.

http://www.v3.co.uk/v3-uk/news/2201420/java-zero-day-flaw-puts-millions-of-windows-mac-and-linux-users-at-risk
[Repost] Java 7 vulnerability hits everyone: Windows, Mac and Linux, none spared

I recommend that everyone disable the Java plug-in in their browser.
