Security experts have discovered exploit code for a recently-patched Java vulnerability that could allow an untrusted Java application to gain privileged access to a targeted system and disable security protection.
Researchers from M86 Security Labs said that the latest versions of the Blackhole, Phoenix and Metasploit exploit kits include the ability to exploit the Java CVE-2011-3544 vulnerability.
The addition of the exploit code allows cyber criminals to compromise systems and remotely install malware payloads.
Oracle recently issued a patch for the flaw, but systems that have not yet been updated are at risk of attack.
"The vulnerability is cross-platform and does not require heap spray or buffer overflow techniques," said M86 Security Labs researcher Daniel Chechik in a blog post.
"That makes it very effective, and therefore authors of exploit kits rushed to add it to their kits."
This rapid deployment is somewhat unusual for exploit kits, which traditionally rely on attacks for long-standing vulnerabilities. The kits are designed to root out poorly maintained systems that can be infected with little risk of detection.
"Until recently, most of the vulnerabilities exploited by popular exploit kits were found last year or even earlier," Chechik explained.
"Moreover, it would take authors at least a month to update their kits with the new exploits that had been discovered in the wild."
Latest Tesla news: Tesla stock price tanks amid reports of 'widening probe' by SEC and claims the base Model 3 loses money
SEC 'probe' takes its toll on Tesla as new research suggests that Tesla loses $6,000 on every $35,000 Model 3
10nm Cannon Lake Core i3-8121U CPUs make a rare outing with Intel's NUC mini PC
'Notorious' Australian child hacker thought he had executed 'flawless' hack
The former employee says that Tesla fired him for bringing the accusations to management internally