Java zero-day vulnerability used in limited attacks 

07-13-2015 01:52 PM

Symantec is investigating reports that a zero-day vulnerability in Java is being exploited in a limited number of attacks. Oracle, the developer behind Java, has yet to release a patch or comment on the vulnerability. The vulnerability is reported to be exploitable by way of drive-by download on the latest version of Java (1.8.0.45). Symantec regards this vulnerability as critical since Java is a widely used platform.

The attackers behind this zero-day vulnerability have been linked to the APT group Operation Pawn Storm (also known as APT28, Sednit, Fancy Bear, or Tsar Team).

This is the first Java zero-day reported since 2013; however, a vulnerability in this widely used platform does pose a significant risk.

While no patch has been issued for the vulnerability, users who are concerned about this issue can temporarily disable Java in the browser by following these steps:

Symantec customers are protected against the payload reportedly being dropped by this zero-day vulnerability with the following detections:

Antivirus

Intrusion Prevention System

We will continue to investigate this vulnerability and provide more details as they become available.

Update – July 14, 2015:
Oracle has released a patch to address the zero-day vulnerability discussed in this blog, the Oracle Java SE Remote Security Vulnerability (CVE-2015-2590). The July 2015 Critical Patch Update contains a total of 193 security fixes across Oracle products, including 25 fixes for Oracle Java SE.
