Security Advisory - August 27, 2012

Zscaler Deploys Protections to Combat Exploitation of 0Day Vulnerability in Java 7

Zscaler has deployed various protections to combat the exploitation of a 0day vulnerability in the current version of the Java Runtime Environment (version 7). Targeted attacks emerging from China and Singapore have recently been identified, but exploitation is likely to broaden now that public exploit code and a Metasploit module are available. Given that Oracle, which maintains Java, generally sticks to a quarterly release cycle, it is unclear when a patch for this issue will be made available.

Java 7 Applet Remote Code Execution

Severity: Critical
Affected Software

  • Java Runtime Environment Version 7 (Updates 0-6)

References:

http://krebsonsecurity.com/2012/08/attackers-pounce-on-zero-day-java-exploit/

http://www.metasploit.com/modules/exploit/multi/browser/java_jre17_exec

http://threatpost.com/en_us/blogs/new-java-zero-day-being-used-targeted-attacks-082712