Avira Techblog: 0-day exploit for Java 1.7

Recently a vulnerability in Oracle’s Java Runtime Environment (JRE) 1.7 was discovered that may allow an applet to execute any program with arbitrary permissions.

The JRE framework allows any browser on any supported platform to execute Java applications called applets in the browser. Tha JRE has its own security mechanisms, called Security Manager in Java. By default, an applet runs with the security credentials set by the browser or by the plugin that adds the Java support.

The exploit which is made freely available is actively used in the wild.

It is changing the permissions to bypass the restrictions imposed by default. If the user is visiting a specially crafted website which has this applet, it can executed any file on user’s computer. This is a classical elevation of privileges, because the code is not signed nor trusted by the browser.

At the time of writing this article, there is no fix available. The only way to stay safe is to disable the Java functionality in your browsers.

The US-CERT has a more detailed analysis of this exploit, including how to disable the Java in various browsers:

  • Apple Safari: How to disable the Java web plug-in in Safari
  • Firefox: How to turn off Java applets
  • Microsoft Internet Explorer: Refer to the Java documentation for more details. In the Windows Control panel, open the Java item. Select the “Java” tab and click the “View” button. Uncheck “enabled” for any JRE version listed.
    Note that this method may not work on Vista or newer systems. As an alternative, you may use one of the following techniques:
    – Change the HKEY_LOCAL_MACHINESOFTWAREJavaSoftJava Plug-in<version>UseJava2IExplorer registry value to 0, where <version> is any version of Java on your system.10.6.2, for example.
    If you are running a 32-bit version of Java on a 64-bit platform, you should set theHKEY_LOCAL_MACHINESOFTWAREWow6432NodeJavaSoftJava Plug-in<version>UseJava2IExplorer registry value to 0.
    – Run javacpl.exe as administrator, click the “Advanced” tab, select “Microsoft Internet Explorer” in the “Default Java for browsers” section, and press the space bar to uncheck it. This will properly set the above registry value, despite the option being greyed out.
  • Chrome: See the “Disable specific plug-ins” section of the Chrome documentation for how to disable Java in Chrome.

 

For the readers who can understand German, Heise.de published also information about this exploit, including a way to see if your browser has the Java plugin active or not (check if Java is active).

The German BSI has also issued a warning regarding the active usage of the exploit. BSI warns the citizens that some banners which use normally Java were compromised and make active use of this exploit to install banking trojans like Citadel and Hermes. Through this exploit it is also possible to executed a malicious URL which would automatically trigger the default browser to open the URL and infect the computer.

 

Until there is a fix for this exploit, we recommend that you visit only highly trusted websites, and if not, disable Java completely by following the instructions above.

 

Sorin Mustaca

Data Security Expert

via Avira – TechBlog http://techblog.avira.com/2012/08/29/0-day-exploit-for-java-1-7/en/


© Copyright 2012 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check www.mustaca.com for the IT Consulting services I offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie http://de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca

Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since year 2000 in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is an independent IT Security Consultant focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close