January 10, 2013

Researchers discover new Java vulnerability

Could allow a remote, unauthenticated attacker to execute arbitrary code.

By CBR Staff Writer

Security researchers have discovered a new vulnerability in the latest Java version, Java 7 Update 10, and in earlier versions of the software which could give attackers access to users’ computers.

The US Computer Emergency Readiness Team (US-CERT) confirmed that Java 7 Update 10 and earlier versions contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

According to US-CERT, the vulnerability is reportedly already being attacked in the wild (meaning cyber criminals could target unpatched systems) and has been incorporated into exploit kits, and exploit code for the vulnerability is publicly available.

US-CERT said it is currently unaware of a practical solution to this problem, although starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet.

It was ‘Kafeine’, a blogger, who brought the flaw to the notice of US-CERT.

AlienVault Labs manager Jaime Blasco said his company was able to reproduce an attack with the exploit against a fully patched Java platform.

Blasco said: "The Java file is highly obfuscated, but based on the quick analysis we did, the exploit is probably bypassing certain security checks, tricking the permissions of certain Java classes."


In December 2011, researchers at M86 warned that exploits for a Java vulnerability were already available in the wild.
