The Latest in IT Security

Java Exploit CVE-2013-2432 Coverage

24
Apr
2013

Java vulnerabilities have always been popular among cybercriminals (exploit kits authors) since they can work across multiple browsers and even multiple operating systems, the potential for infecting large numbers of users is very high.

On April 16, Oracle released its Java Critical Patch Update (CPU) for April 2013 that addressed vulnerabilities found in numerous supported products. Interestingly, one of the vulnerabilities, CVE-2013-2432, was publicly disclosed the following day and this was closely followed by a Metasploit proof of concept on April 20.

It didn’t take long for exploit kit authors to adopt this openly available vulnerability. We are currently seeing cases of Redkit and Cool EK using this new Java vulnerability and we expect this exploit to be rolled out to other exploit kits.

The following Intrusion Prevention Signatures (IPS) are in place to block attacks using this exploit through the Redkit and Cool EK exploit kits:

Symantec detects the malicious files as Trojan.Maljava using our antivirus protection technology.

Symantec recommends users to apply the critical Java patch released by Oracle as this vulnerability is now seen as a high priority. Please be aware of malware that masquerades as software updates and patches and only download the patch from the official website.

Leave a reply


Categories

THURSDAY, MARCH 28, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments