December 18, 2011

Malware authors rush to release Java exploit packs

Shift in tactics to getting new exploit kits out quickly could be disastrous for unpatched systems

By Steve Evans

Researchers at M86 are warning that exploits for a recently-discovered Java vulnerability are already available in the wild, meaning cyber criminals could target unpatched systems.

The security firm also warned that this shows exploit kit authors are getting much faster at updating their kits when new vulnerabilities are discovered. While it used to take authors a month or more, some are now updating their kits before a patch has even been released.

Although a patch has been released to fix the Java vulnerability, any unpatched systems are still at risk, M86 warns.

The Blackhole, Phoenix and Metasploit exploit kits are the ones that rush-released new versions to exploit the vulnerability, tracked as CVE-2011-3544, which affects the Rhino JavaScript engine. An attacker can use a Rhino script to generate an error object, which can then give them full privileges. The attacker can then execute code with full permissions, M86 said.

Writing on the company’s blog, Daniel Chechik said: "The vulnerability is cross-platform and doesn’t require heap spray or buffer overflow techniques. That makes it very effective and therefore authors of exploit kits rushed to add it to their kits."

"The concerning aspect is that the Blackhole exploit kit was updated even before a patch was released by the vendor," he added. "We highly encourage users to keep their Java updated, or remove it if it is not needed. A patch for this Java vulnerability is available by now: Look for Java 6 Update 29, or Java 7 Update 1."
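The fixed releases named above can be turned into a quick inventory check. The following is an added example, not code from M86 or from this article: it parses collected `java -version` output and flags hosts below Java 6 Update 29 or Java 7 Update 1. The host names and the sample inventory are constructed, and releases other than Java 6 and 7 are reported as unknown because the article gives no fixed level for them.

```python
import re

# Fixed update levels named in the article: Java 6 Update 29, Java 7 Update 1.
FIXED_UPDATE = {6: 29, 7: 1}

# Legacy version string printed by `java -version`, e.g. 1.6.0_27 or 1.7.0
VERSION_RE = re.compile(r"\b1\.(\d+)\.\d+(?:_(\d+))?")


def parse_java_version(text):
    """Return (major, update) from `java -version` output, or None."""
    match = VERSION_RE.search(text)
    if not match:
        return None
    # A string with no "_NN" suffix (e.g. 1.7.0) is the initial release: update 0.
    return int(match.group(1)), int(match.group(2) or 0)


def classify(text):
    """Classify one host's output against the fixed levels for CVE-2011-3544."""
    parsed = parse_java_version(text)
    if parsed is None:
        return "unknown"
    major, update = parsed
    if major not in FIXED_UPDATE:
        return "unknown"  # the article names fixed levels only for Java 6 and 7
    return "fixed" if update >= FIXED_UPDATE[major] else "vulnerable"


def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(output) for host, output in inventory.items()}


# Constructed sample inventory: host name -> first line of `java -version` output.
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.6.0_27"',
    "ws-02": 'java version "1.6.0_29"',
    "ws-03": 'java version "1.7.0"',
    "ws-04": 'java version "1.7.0_01"',
    "ws-05": 'java version "1.5.0_22"',
    "ws-06": "java: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

A host can carry more than one Java installation, so the runtime on the command-line path is not necessarily the one the browser plug-in loads; check each installed runtime.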
