In early July, an update to the Black Hole exploit kit targeted Java vulnerability CVE-2012-1723. The vulnerability could evade the JRE (Java Runtime Environment) sandbox and load additional Java classes in order to perform malicious actions. Details about the vulnerability are here. Although most of the sites used in the attack are newly registered, the Websense® ThreatSeeker® Network can detect an attack like this. And we also use multiple methods to detect exploit kits, especially for the most famous ones, like the Black Hole exploit kit. Our Advanced Classification Engine or ACE helps protect Websense customers from these threats.
Looking at the past three years, the Java platform vulnerability has been one of the most popular ones used by attackers. Java was designed to be portable, meaning it works on virtually all computer operating systems like Windows, Mac, and Linux. We still remember the Mac OS malware Flashback that infected over 600,000 Apple computers worldwide in April 2012 using Java vulnerability CVE-2012-0507. Even now, we still see a lot of exploit kits that use CVE-2012-0507. Here are the Java platform vulnerabilities used in the wild since 2010:
- CVE-2010-0094
- CVE-2010-0094
- CVE-2010-0840
- CVE-2010-0842
- CVE-2010-0844
- CVE-2010-3552
- CVE-2010-0886
- CVE-2010-4452
- CVE-2011-3521
- CVE-2011-3554
- CVE-2012-0507
- CVE-2012-1723
Although Oracle released a patch in June for the latest vulnerability, cyber criminals are attacking customers who have not yet updated their platforms. We recommend that customers update their Java platform as soon as possible. Also, consider disabling the Java Plugin in your Web browser to reduce the risk if you are not using it a lot.
Leave a reply
