Zenith Live is coming to Europe in October. Join us! Learn More
Zenith Live is coming to Europe in October. Join us!
Learn More

Zero trust security

Make it possible

Your Mission

 

Security Advisory - January 10, 2013

Zscaler Protects Against 0 Day Vulnerability in Java 7 incorporated into multiple exploit kits

 

 

Zscaler has proactively deployed protections for a new 0day vulnerability in all versions of Java 7, including the latest version of Java 7 update 10 (CVE-2013-0422). There is presently no patch available for this exploit and it has already been incorporated into numerous exploit kits. Exploit code is also freely available in the wild and a Metasploit module has been produced. As such, exploitation of this issue is widespread. The Zscaler cloud will detect and block websites leveraging this new vulnerability. Zscaler will continue to monitor exploits associated with this issue and deliver additional protections as needed.

Vulnerability Note VU#625617

Affected Software

  • Oracle Java Runtime Environment (JRE) 1.7

CVE-2013-0422 - Java 7 fails to restrict access to privileged code

Description: Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.