August 27, 2012

New Java 0-day used in small number of attacks

Patrik Runald

Over the weekend, information started appearing that there was a new Java zero-day vulnerability (CVE-2012-4681) being used in a small number of attacks. We have analyzed samples from the attack and can confirm that Websense customers using products that have our Advanced Classification Engine (ACE) have been protected against this zero-day attack by real-time analytics dating back to early 2009.


We have confirmed that the exploit doesn't work on version 1.6.x of Java, but it does work on and (latest available versions). David at Errata Security has tried and verified that the same exploit works just as well on Linux and OS X including Mountain Lion 10.8.1. That's right folks, yet another cross-platform vulnerability in Java, and with the increasing amount of Mac malware that we're seeing, we wouldn't be surprised if this starts being used against Mac users shortly. 


Regardless of which browser and operating system you use, make sure you disable or, better yet, uninstall Java unless you really need it. Brian Krebs has instructions on how to disable Java in browsers on both Windows and Mac. There's already a Metasploit module for the new vulnerability, which increases the risk of it being used in attacks against a larger number of targets.


The obfuscated JavaScript above will download a file called applet.jar (VirusTotal report), which, in turn, uses the vulnerability to download the payload hi.exe (VirusTotal report) that it saves as update.exe and executes on the system. The downloaded EXE file is a variant of Poison Ivy that tries to connect to a known malicious host in Singapore. See our ThreatScope report for more information about the file.
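The chain described above (the Java runtime fetches a .jar, then fetches a Windows executable) can be hunted for in web proxy logs. The following is an added example, not code from the original post or from Websense's analytics; it generalizes beyond the file names applet.jar and hi.exe to any .jar followed by any .exe. The log layout, host names, 60-second window and function names are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed proxy log lines (not from the original post):
# time, client IP, method, URL, "user-agent"
SAMPLE_LOG = """\
2012-08-27T10:15:00Z 10.0.0.5 GET http://host-a.example/index.html "Mozilla/5.0 (Windows NT 6.1) Firefox/14.0"
2012-08-27T10:15:02Z 10.0.0.5 GET http://host-a.example/applet.jar "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0"
2012-08-27T10:15:04Z 10.0.0.5 GET http://host-a.example/hi.exe "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0"
2012-08-27T10:20:00Z 10.0.0.9 GET http://intranet.example/tool.jar "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0"
2012-08-27T10:21:00Z 10.0.0.9 GET http://vendor.example/setup.exe "Mozilla/5.0 (Windows NT 6.1) Firefox/14.0"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')
JAVA_UA_RE = re.compile(r'\bJava/\d')   # requests made by the JVM, not the browser
WINDOW = timedelta(seconds=60)          # assumed correlation window

def parse(line):
    """Return (time, client, url, lowercase path, is_java_ua) or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, _method, url, ua = m.groups()
    try:
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return when, client, url, urlsplit(url).path.lower(), bool(JAVA_UA_RE.search(ua))

def find_jar_then_exe(log_text, window=WINDOW):
    """Flag clients whose Java runtime fetched a .jar and then an .exe within the window."""
    last_jar = {}   # client -> (time, url) of the most recent .jar fetched by the JVM
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or not rec[4]:
            continue   # skip malformed lines and non-Java user agents
        when, client, url, path, _ = rec
        if path.endswith(".jar"):
            last_jar[client] = (when, url)
        elif path.endswith(".exe") and client in last_jar:
            jar_time, jar_url = last_jar[client]
            if timedelta(0) <= when - jar_time <= window:
                alerts.append({"client": client, "jar": jar_url, "exe": url})
    return alerts

if __name__ == "__main__":
    for alert in find_jar_then_exe(SAMPLE_LOG):
        print(alert)
```

An executable requested with a Java user agent is unusual on its own, so the second client in the sample, whose .exe was fetched by the browser, is not flagged.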
