The discovery of new Java vulnerabilities has become a bit too common over the last few months. Every few days, we get to see a new security exploit present in the software. Now, the security firm FireEye, has discovered another 0-day Java vulnerability that is actively being used to attack ‘multiple customers.’
This essentially means that although the security experts have discovered this exploit only now, the hackers in the wild have been in knowledge of it for a while and had been using it actively for their nefarious purposes. The scary part is that this vulnerability is present even in the recent version of Java such as the Java v1.6 Update 41 or Java v1.7 Update 15.
So how exactly does this vulnerability work? According to FireEye,
“Not like other popular Java vulnerabilities in which security manager can be disabled easily, this vulnerability leads to arbitrary memory read and write in JVM process. After triggering the vulnerability, exploit is looking for the memory which holds JVM internal data structure like if security manager is enabled or not, and then overwrites the chunk of memory as zero.
Upon successful exploitation, it will download a McRAT executable from same server hosting the JAR file and then execute it.”
Naturally, like so many times in the past, this time too the most effective solution is to uninstall Java plugin on your browser. If you must use the software, install it as a plugin on a secondary browser and not on the default browser.