

FireEye researchers uncover Java zero-day attack

02 Mar 2013

Security researchers have uncovered yet another unpatched Java vulnerability being targeted in the wild.

Researchers with FireEye said that their cloud security platform had spotted online exploits which target a zero-day flaw in the Oracle platform. FireEye advised users to update the Java browser plug-in whenever possible.

According to FireEye, the exploit attempts to target a remote code execution flaw and, when successful, download and execute a malware package. The company said that it has notified Oracle of the condition and expects an update.

While the attack has been shown to work on the latest patched versions of Java, researchers noted that the unstable nature of the attack itself limits its effectiveness.

"The exploit is not very reliable, as it tries to overwrite a big chunk of memory," FireEye said.

"As a result, in most cases, upon exploitation, we can still see the payload downloading, but it fails to execute and yields a [Java virtual machine] crash."

The report is the latest in a long line of Java zero-days to emerge in recent months. The Oracle platform has come under fire multiple times, as attackers have sought to exploit remote code execution flaws for drive-by malware downloads.

Fallout from the exploits has left many security experts recommending that users and administrators disable the Java platform on their systems. Apple at one point made a Java shutdown mandatory for OS X users.

Sophos researchers have suggested that when a Java shutdown is not possible, users keep an alternative browser designated exclusively for use with trusted Java browser applications.

Shaun Nichols
About

Shaun Nichols is the US correspondent for V3.co.uk. He has been with the company since 2006, originally joining as a news intern at the site's San Francisco offices.
