25 Apr 2013

Patched Java Vulnerability Still Used by Attackers

A Java vulnerability patched by Oracle on April 16 is still being used by attackers in a campaign that spreads a new ransomware dubbed Reveton.

Although the Java 7 Update 21 fixed 42 security loopholes, the exploit for the CVE-2013-2423 vulnerability has already been spotted in the wild a day after being included in Metasploit, an open-source tool used by penetration testers.

“This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets,” reads Oracle’s advisory.

The Reveton ransomware locks down a user’s operating system and asks for fees because of allegedly illegally downloaded files. The Java vulnerability is already a part of a well-known Web attack toolkit, Cool Exploit Kit, that’s believed to have reverse engineered it from the Metasploit proof-of-concept module.

Advising users not to run untrusted Java applets from dubious websites, as they might get tricked into installing the Reveton ransomware, experts urge users to install the latest Java 7 Update 21 to patch the security issue.

Browser plug-ins should also be updated, as they are equally vulnerable to the exploit and users need to make sure that no plug-in-based content is run without their consent.