Security experts have discovered exploit code for a recently-patched Java vulnerability that could allow an untrusted Java application to gain privileged access to a targeted system and disable security protection.
Researchers from M86 Security Labs said that the latest versions of the Blackhole, Phoenix and Metasploit exploit kits include the ability to exploit the Java CVE-2011-3544 vulnerability.
The addition of the exploit code allows cyber criminals to compromise systems and remotely install malware payloads.
Oracle recently issued a patch for the flaw, but systems that have not yet been updated are at risk of attack.
"The vulnerability is cross-platform and does not require heap spray or buffer overflow techniques," said M86 Security Labs researcher Daniel Chechik in a blog post.
"That makes it very effective, and therefore authors of exploit kits rushed to add it to their kits."
This rapid deployment is somewhat unusual for exploit kits, which traditionally rely on attacks for long-standing vulnerabilities. The kits are designed to root out poorly maintained systems that can be infected with little risk of detection.
"Until recently, most of the vulnerabilities exploited by popular exploit kits were found last year or even earlier," Chechik explained.
"Moreover, it would take authors at least a month to update their kits with the new exploits that had been discovered in the wild."
And, yep, it'll run Android rather than RiscOS
US engineering giant's cost-cutting outsourcing plan is on the rocks, according to insiders
HP Envy X2 laptop only affordable if you've got loadsamoney
Counterfeit code-signing certificates enabling hackers to hide malware being sold by cyber criminals
Certificates can be used as part of layered obfuscation to evade detection by anti-virus software