Security researchers uncover new Java vulnerability
11 Jan 2013
Security researchers say cybercriminals are using an exploit for a previously unknown and currently unpatched vulnerability in Java to infect computers with malware.
This was reported by an independent malware researcher who uses the online moniker Kafeine. He wrote in his blog yesterday about the existence of the exploit "in the wild", which was being actively used in attacks.
Attackers use such exploits to silently install malware on the computers of users who visit compromised websites, in so-called drive-by download attacks.
The researcher, who says this could be mayhem and that he had better make some noise about it, is sharing samples of the exploit only with security companies.
Bogdan Botezatu, a senior e-threat analyst at antivirus vendor Bitdefender, wrote in an email that they could confirm this was a new vulnerability.
"We reproduced the exploitation mechanism on Java 1.7 Update 9 and Update 10. Other versions may be vulnerable as well, we're currently analyzing whether other older updates are vulnerable."