Java zero-day exploit seen in malicious advertising

updated 04:29 pm EST, Thu January 10, 2013

Vulnerability found in Java 7 Update 10

A previously unknown vulnerability in Java is being used online by hackers, according to security researchers. The 0-day exploit has also reportedly been included in two malware toolkits used by hackers, with the best form of protection currently being to turn off the Java plug-in for all browsers until the hole is patched.

The US Computer Emergency Readiness Team has noted that the vulnerability in Java 7 Update 10 could be used by a remote attacker to "execute arbitrary code on a vulnerable system" using a "specially crafted HTML document," according to The Next Web.

French security researcher Kafeine, the first to find the flaw, saw that the exploit was being used on a major site, potentially affecting "hundreds of thousands" of visitors per day. Kafeine also saw that it has been incorporated into the BlackHole Exploit Kit and the Cool Exploit Kit, both used to spread malware onto other machines.

Kurt Baumgartner, a security expert for Kaspersky, claims that the exploit is already being used in advertisements on a wide range of sites, from news and weather services to adult sites.

by MacNN Staff



  1. daqman

    Junior Member

    Joined: 09-15-00

    All very well but...

    This sounds like a nasty vulnerability but all of the sites I've looked at (like CERT) show screenshots, paths and other information that is Windows specific. Yes, I know Java runs on various platforms but it just isn't clear if the exploiters of the vulnerability are targeting Windows only or OSX also. Anyone have information?

    For some of us turning Java off is not an option since we have in-house Java code used on a daily basis.

  2. dechamp

    Fresh-Faced Recruit

    Joined: 01-12-10

    Turning off Java is an option

    Oracle says it will patch the exploit on Tuesday. Who cares if it only affects certain OS's or just some machines? Oracle needs to research and improve Java anyway, and this will get them off their butts. I can certainly wait for safe programs, but then I spend almost all my time cleaning up the latest versions of the FBI Scam, and the latest fake Anti-Virus scams. My clients don't need the grief and can wait a couple of days.

    These sloppy 3rd party plugins like Adobe Flash and Oracle Java will have to get better or get gone.
