Symantec is investigating reports that a zero-day vulnerability in Java is being exploited in a limited number of attacks. Oracle, the developer behind Java, has yet to release a patch or comment on the vulnerability. The vulnerability is reported to be exploitable by way of drive-by download on the latest version of Java (220.127.116.11). Symantec regards this vulnerability as critical since Java is a widely used platform.
The attackers behind this zero-day vulnerability have been linked to the APT group Operation Pawn Storm (also known as APT28, Sednit, Fancy Bear, or Tsar Team).
This is the first Java zero-day reported since 2013, however a vulnerability in this widely used platform does pose a significant risk.
While no patch has been issued for the vulnerability, users who are concerned about this issue can temporarily disable Java in the browser by following these steps:
Symantec customers are protected against the payload reportedly being dropped by this zero-day vulnerability with the following detections:
Intrusion Prevention System
We will continue to investigate this vulnerability and provide more details as they become available.
Update – July 14, 2015:
Oracle has released a patch to address the zero-day vulnerability discussed in this blog, the Oracle Java SE Remote Security Vulnerability (CVE-2015-2590). The July 2015 Critical Patch Update contains a total of 193 security fixes across Oracle products, including 25 fixes for Oracle Java SE.