Unfortunately, it really is fair to say that Java has “yet another zero-day exploit”.
The latest version of Java, v7 Update 10, is affected and currently there is no plan for a patch. The vulnerability, which is already used in online attacks, allows code injection on a fully patched Windows system running the affected Java version. It is not yet known whether other versions of Java are affected. To be affected, somebody has to visit a website running the exploit applet, which performs the code injection.
If you have re-activated the Java plugin in your browser since the last zero-day exploit at the end of August 2012, here is how to deactivate it again:
- Deactivate the Java plugin in Chrome
- Deactivate the Java plugin in Firefox
- Deactivate the Java plugin in Safari
- Deactivate the Java plugin in IE: this is very tricky. I will write a detailed article about how to do this. Don’t assume that deactivating the plugin in the Add-ons list of IE does the job, as anybody would expect. Until then, please uninstall Java from your system through “Programs and features” or “Add and remove Programs”.
All Avira products detect such exploits under the names: EXP/Java.AL, EXP/Java.AM, EXP/Java.AN, EXP/Java.AO, EXP/CVE-2013-0422.A, EXP/CVE-2013-0422.B, EXP/CVE-2013-0422.C
Sorin Mustaca
via Avira – TechBlog http://techblog.avira.com/2013/01/11/yajze-yet-another-java-zero-day-exploit/en/
© Copyright 2013 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity