Java is one of the powerful and more dominant language that prevails for more decades and one of the powerful characteristic is Security that is provided by Java. Recently a zero day exploit has been revealed by Security Researchers.
The zero day exploit has been revealed in the latest version of Java 1.8.0.45 but the older versions of Java such as 1.6 and 1.7 are not at all affected by this zero day exploit.
Attackers are using email messages to send the malicious links to the victims and once clicked the exploit code delivers a basic Trojan Dropper, #TROJ_DROPPR.CXC, that drops the payload #TSPY_FAKEMS.C.
The payload is injected into the /login user folder and thus compromising the security of the system. The advanced Persistent Threat (APT) group operation #Pawn Storm are thought to be responsible for the Java zero-day exploit attacking member of NATO and US defense.
The exploit has been reported to Oracle and the steps how to exploit it has not been released yet but it is believed to be used by many attackers.
Oracle is working with Trend Micro to develop a fix to patch the issue. Until the patch is released the users are advised to disable Java temporarily in their browser.
P.S : The post is to create awareness and not to be misused.
No comments:
Post a Comment