Hackers Target Java 6 With Security Exploits
August 27, 2013 – 8:11 AM
Warning to anyone still using Java 6: Upgrade now to Java 7 to avoid being compromised by active attacks.
That alert came via F-Secure anti-malware analyst Timo Hirvonen, who reported finding an in-the-wild exploit actively targeting an unpatched vulnerability in Java 6 following the recent publication of related proof-of-concept (PoC) attack code. The Java runtime environment (JRE) bug (CVE-2013-2463) was publicly revealed in June 2013, when Oracle released Java 7 update 25, which remains the most recent version of Java.
“PoC for CVE-2013-2463 was released last week, now it’s exploited in the wild,” tweeted Hirvonen. “No patch for JRE6 … Uninstall or upgrade to JRE7 update 25.” He added, “At least [the] Neutrino exploit kit seems to have added [an] exploit for [the vulnerability].”
The Neutrino crimeware kit was first spotted in March 2013, when it was identified as the source of a series of attacks that were exploiting Java vulnerabilities to install ransomware on victims’ PCs, freezing them until users paid a fine that was supposedly being levied by the FBI and other law enforcement agencies. According to security vendor AVG, Neutrino exploit kit attacks have spiked in the last few days.