/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsA new Java zero-day being exploited in the wild has been found.
Help Net Security reprots the Java file to be highly obfuscated but based on a quick analysis it did. The exploit is probably bypassing certain security checks tricking the permissions of certain Java classes as we saw in CVE-2012-4681, it reported.
"Right now the only way to protect your machine against this exploit is disabling the Java browser plugin. Let's see how long does it take for Oracle to release a patch."
HNS expect a Metasploit module in the upcoming days as it has been happening during the last year as well as most of the exploit kits adopting this new zeroday sooner than later.
The reports adds that "it seems both Blackhole and Nuclear Pack exploit kits are using this vulnerability in the wild."