Hackers Target Java 6 With Security Exploits

August 27, 2013 – 8:11 AM

Warning to anyone still using Java 6: Upgrade now to Java 7 to avoid being compromised by active attacks.

That alert came via F-Secure anti-malware analyst Timo Hirvonen, who reported finding an in-the-wild exploit actively targeting an unpatched vulnerability in Java 6 following the recent publication of related proof-of-concept (PoC) attack code. The Java runtime environment (JRE) bug (CVE-2013-2463) was publicly revealed when Oracle released Java 7 update 25 in June 2013; that update remains the most recent version of Java.

“PoC for CVE-2013-2463 was released last week, now it’s exploited in the wild,” tweeted Hirvonen. “No patch for JRE6 … Uninstall or upgrade to JRE7 update 25.” He added, “At least [the] Neutrino exploit kit seems to have added [an] exploit for [the vulnerability].”

The Neutrino crimeware kit was first spotted in March 2013, when it was identified as the source of a series of attacks that were exploiting Java vulnerabilities to install ransomware on victims’ PCs, freezing them until users paid a fine that was supposedly being levied by the FBI and other law enforcement agencies. According to security vendor AVG, Neutrino exploit kit attacks have spiked in the last few days.

Source:
http://www.informationweek.com/security/vulnerabilities/hackers-target-java-6-with-security-expl/240160443
