Categories: SecurityWorkspace

Exploit Tools Armed To Attack New Java Flaw

Security researchers have discovered that exploit kits are being updated with a recently discovered Java vulnerability, enabling the flaw to be widely exploited.

Researchers from M86 Security found that the Blackhole and Phoenix exploit kits are now capable of attacking systems using the CVE-2011-3544 vulnerability.The flaw, a design error in Java, allows untrusted code to be executed at an elevated level of privileges, according to M86 Security researcher Daniel Chechik.

Design error

“An attacker can bypass the scripting engine protection by generating an error object, using Rhino script, which runs in elevated privileges and executing code that disables the Security Manager,” Chechik wrote in a blog post. “Once the Security Manager is disabled, the attacker can execute code with full permissions.”

Rhino is a Javascript engine that runs under the Java Virtual Machine and can interact with Java applets, according to Chechik, who also confirmed that  M86 Security had found that the exploit has already been added into Blackhole version 1.2.1 and Phoenix version 3.0..

Chechik said it is unusual for an exploit to make its way into such kits so quickly as they normally rely on older bugs that have already been patched, depending upon system administrators’ laxity to ensure a ready supply of vulnerable systems.

In this case, however, the exploit kits were updated with the CVE-2011-3544 flaw more quickly and the updated version of Blackhole was released even before the flaw was patched.

Cross-platform

“The vulnerability is cross-platform and doesn’t require heap spray or buffer overflow techniques. That makes it very effective and therefore authors of exploit kits rushed to add it to their kits,” said Chechik. “The concerning aspect is that the Blackhole exploit kit was updated even before a patch was released by the vendor.”

A patch has now been released by Oracle, but systems are still at risk until the patch has been applied.

“We highly encourage users to keep their Java updated, or remove it if it is not needed,” Chechik wrote. “A patch for this Java vulnerability is available by now: Look for Java 6 Update 29, or Java 7 Update 1.”

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Mark Zuckerberg Overtakes Bezos To Become Second-Richest Man

Billionaire battle. Meta's boss Mark Zuckerberg overtakes Jeff Bezos to become the world’s second richest…

20 hours ago

US, Microsoft Disrupts Russian FSB Hackers

Internet domains used by “Russian intelligence agents and their proxies” for cyberattacks, seized by the…

23 hours ago

Mike Lynch Died From Drowning, Coroner Inquest Rules

UK's tech billionaire Dr Mike Lynch died from drowning on his superyacht, but his daughter's…

1 day ago

Tesla Recalls 27,000 Cybertrucks Over Rear Camera Issue

Another recall for thousands of Tesla Cybertrucks over delay with rear camera, with could hamper…

2 days ago

Browser Firms Press EU To Reconsider Microsoft Edge As Gatekeeper

Browser firms write to European Commission alleging Microsoft's Edge web browser enjoys an unfair advantage

2 days ago

Microsoft Invests €4.3 Billion In Italy For AI, Cloud

Data centre and AI spending spree continues over at Microsoft, with Italy earmarked for €4.3…

2 days ago