Over the weekend, information started appearing that there was a new Java zero-day vulnerability (CVE-2012-4681) being used in a small number of attacks. We have analyzed samples from the attack and can confirm that Websense customers using products that have our Advanced Classification Engine (ACE) have been protected against this zero-day attack by real-time analytics dating back to early 2009.
We have confirmed that the exploit doesn't work on version 1.6.x of Java, but it does work on 220.127.116.11 and 18.104.22.168 (latest available versions). David at Errata Security has tried and verified that the same exploit works just as well on Linux and OS X including Mountain Lion 10.8.1. That's right folks, yet another cross-platform vulnerability in Java, and with the increasing amount of Mac malware that we're seeing, we wouldn't be surprised if this starts being used against Mac users shortly.
Regardless of which browser and operating system that you use, make sure you disable or better yet, uninstall Java, unless you really need it. Brian Krebs has instructions on how to disable Java in browsers both on Windows and Mac. There's already a Metasploit module for the new vulnerability, which increases the risk of it being applied in attacks against a larger amount of targets.
Leave a reply