Security researchers report a zero-day vulnerability that endangers users of Java Runtime Environment 7, the latest version of the Java runtime environment. The zero-day season is not over yet, Atif Mushtaq of FireEye commented in a blog entry.
“The recent Java Runtime Environment, JRE 1.7x, is vulnerable,” he says. “In my lab environment, I was able to successfully run the exploit on a test computer where Firefox with JRE 1.7 Update 6 was installed.”
The exploit as originally discovered was hosted on a domain called ok.XXX4.net that pointed to an IP address in China. The same address had been noticed earlier distributing other forms of malware. Currently, the server does not respond to browser requests, but it is still on the network.
A malicious applet uses the zero-day vulnerability to download an application called Dropper (Dropper.MsPMs) from the same server and install it on the system. According to Mushtaq, the dropper subsequently connects to a command-and-control server in Singapore, which could in principle turn the compromised machines into botnet drones.
The FireEye Malware Intelligence Lab expects that sooner or later proof-of-concept code will be published and more offenders will be able to exploit the vulnerability. It even seems to be happening already: working code soon surfaced whose comments contained a direct reference to Mushtaq's blog entry.
Since the latest Java runtime environment is affected (currently Version 7 Update 6), the risk can for now be avoided only by temporarily disabling or uninstalling Java. “It will be interesting to see when Oracle plans to provide a patch,” writes Mushtaq. “Until then, most Java users are exposed to the risk of an exploit.”