Washington, Jan 13: The U.S. Department of Defense has issued an advisory to people to disable Java on systems that have it installed to avoid potential hacking.
A new Trojan horse called Mal/JavaJar-B has been found that exploits vulnerability in Oracle’s Java 7 and affects even the latest version of the runtime (7u10).
The exploit has been described by Sophos as a zero-day attack since it has been found being actively used in malware before developers have had a chance to investigate and patch it.
The exploit is currently under review at the National Vulnerability Database and has been given an ID number CVE-2013-0422, where it is still described as relatively unknown.
According to CNET, unspecified vulnerability in Oracle Java 7 Update 10 and earlier allows remote attackers to execute arbitrary code via unknown vectors, possibly related to ‘permissions of certain Java classes, as exploited in the wild in Jan ary 2013, and as demonstrated by Blackhole and Nuclear Pack.’
The malware has currently been seen attacking Windows, Linux and Unix systems, and while so far has not focused on OS X, may be able to do so given OS X is largely similar to Unix and Java is cross-platform.
Additionally, the exploit is currently being distributed in the competing exploit kits ‘Blackhole’ and ‘NuclearPack’, making it far more convenient to criminal malware developers to use.
Even though the exploit has not been seen in OS X, Apple has taken steps to block it by issuing an update to its built-in XProtect system to block the current version of the Java 7 runtime and require users install an as of yet unreleased version of the Java runtime (release b19).
The second setting is to increase the security level of the Java runtime, which can also be done in the same Security section of the Java Control Panel, the report said.
According to the report, the default security level is Medium, but you can increase this to High or Very High.
At the High level, Java will prompt you for approval before running any unsigned Java code, and at the Very High level all Java code will require such approval, regardless of whether or not it is signed.
Since this threat is Java-based, it will only affect systems that have Java installed. Most platforms do not come with Java, but if you have installed it and do not need or regularly use it, you might consider removing it from your system.
While Java is convenient for legitimate developers, its conveniences also help malware developers spread their harmful practices to multiple platforms, the report added. (ANI)