Security experts have discovered exploit code for a recently-patched Java vulnerability that could allow an untrusted Java application to gain privileged access to a targeted system and disable security protection.
Researchers from M86 Security Labs said that the latest versions of the Blackhole, Phoenix and Metasploit exploit kits include the ability to exploit the Java CVE-2011-3544 vulnerability.
The addition of the exploit code allows cyber criminals to compromise systems and remotely install malware payloads.
Oracle recently issued a patch for the flaw, but systems that have not yet been updated are at risk of attack.
"The vulnerability is cross-platform and does not require heap spray or buffer overflow techniques," said M86 Security Labs researcher Daniel Chechik in a blog post.
"That makes it very effective, and therefore authors of exploit kits rushed to add it to their kits."
This rapid deployment is somewhat unusual for exploit kits, which traditionally rely on attacks for long-standing vulnerabilities. The kits are designed to root out poorly maintained systems that can be infected with little risk of detection.
"Until recently, most of the vulnerabilities exploited by popular exploit kits were found last year or even earlier," Chechik explained.
"Moreover, it would take authors at least a month to update their kits with the new exploits that had been discovered in the wild."
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago