Researchers at M86 are warning that exploits for a recently-discovered Java vulnerability are already available in the wild, meaning cyber criminals could target unpatched systems.
The security firm also warned that this news shows authors are getting much faster at updating their exploit kits when new vulnerabilities are discovered. While it used to take authors a month or more, some authors are now updating their kits before a patch has even been released.
Although a patch has been released to fix the Java vulnerability any unpatched systems are still at risk, M86 warns.
The Blackhole, Phoenix and Metasploit export kits are the ones that rush-released new versions to exploit the vulnerability, called CVE-2011-3544, which exploits the Rhino Javascript engine. An attacker can use the Rhino script to generate an error object, which can then give them full privileges. The attacker can then execute code will full permissions, M86 said.
Writing on the company’s blog, Daniel Chechik said: "The vulnerability is cross-platform and doesn’t require heap spray or buffer overflow techniques. That makes it very effective and therefore authors of exploit kits rushed to add it to their kits."
"The concerning aspect is that the Blackhole exploit kit was updated even before a patch was released by the vendor," he added. "We highly encourage users to keep their Java updated, or remove it if it is not needed. A patch for this Java vulnerability is available by now: Look for Java 6 Update 29, or Java 7 Update 1."
