Reports confirm that a recently discovered Java zero-day exploit has been added to security/hacker tool-kits Metasploit and Blackhole Exploit Kit. A Zero day is a computer vulnerability which is yet to be patched by the vendor and generally be actively being used in the wild.
Security researchers from FireEye found the Java issue late last week, and after testing confirmed that it was a zero-day vulnerability. The vulnerable systems are Windows, Mac OS X, or Linux, with JRE 1.7 Update 0 though 6 installed for Firefox, Safari, or Internet Explorer and Chrome on XP. Currently the issue remains unpatched and vulnerable.
It has been suggested that over 100 domains are already delivering the malicious payload with thousands likely in the next week.
Security experts suggest removing Java if it isn’t absolutely needed in your environment. Most home users have little need for the software these days, and most experts agree the risk outweighs the reward when it comes to installing it.
Tiro Security is dedicated to your IT Security Job requirements and ensuring inforsec guru’s find the best position possible.