Total Defense Labs recently discovered another Java zero-day exploit.
The authors, known for their previous exploit kits "Nuclear Pack" and "Black Hole", made a statement about this new zero-day, also known as CVE-2013-0422.
A first look at POC code discovered on a Russian underground forum.
Although Oracle announced they have fixed the bug in JRE 7.11, it still appears to be broken...
As always, we recommend changing the status of Java plugins in your browser to 'Notify' or 'Disabled' to avoid these exploits, which seem to be appearing more often in the wild recently.
Oracle has released a patch for this issue and all customers should be directed to apply the patch. The vulnerability is specific to Java 7, so you should apply the patch only if you are using Java 7. You can download the patch at http://www.oracle.com/technetwork/java/javase/downloads/index.html
Please be aware that even with this patch, Java 7 has been reported to have other 0-day vulnerabilities.
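The patch guidance above can be turned into a quick triage check. The following is an added example, not code from Total Defense or Oracle: it parses the first line of `java -version` output and classifies a host. It assumes that "JRE 7.11" is reported as `1.7.0_11`; the host names and sample outputs are constructed.

```python
import re

# Matches the first line of `java -version`, e.g.: java version "1.7.0_10"
_VERSION_RE = re.compile(r'version "(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:_(\d+))?')

FIXED_UPDATE = 11  # "JRE 7.11" on this page, assumed to be reported as 1.7.0_11


def classify(version_output):
    """Return (major, update, advice) for the text printed by `java -version`."""
    m = _VERSION_RE.search(version_output)
    if not m:
        return (None, None, "unknown: could not parse version output")
    first = int(m.group(1))
    second = int(m.group(2)) if m.group(2) else 0
    # Legacy scheme "1.N.0_UU" means Java N; newer scheme "N.x.y" means Java N.
    major = second if first == 1 else first
    update = int(m.group(4)) if m.group(4) else 0
    if major != 7:
        return (major, update, "not Java 7: this patch does not apply")
    if update < FIXED_UPDATE:
        return (major, update, "Java 7 below update 11: apply the Oracle patch")
    # Patched hosts still need the plug-in restricted: the page notes that
    # other 0-day vulnerabilities have been reported for Java 7.
    return (major, update,
            "Java 7 at or above update 11: patched for this issue; "
            "keep the browser plug-in on 'Notify' or 'Disabled'")


# Constructed sample outputs (first line of `java -version`), not real host data.
SAMPLES = {
    "host-a": 'java version "1.7.0_10"',
    "host-b": 'java version "1.7.0_11"',
    "host-c": 'java version "1.6.0_38"',
    "host-d": 'java version "1.7.0"',
}

if __name__ == "__main__":
    for host, out in sorted(SAMPLES.items()):
        print(host, classify(out))
```

On a live machine, `java -version` writes to stderr, so capture that stream when collecting the input for `classify`.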
Although the United States Department of Homeland Security has recommended that users uninstall Java, for many users this simply isn’t an option. Many enterprises have custom apps built on the Java platform. Consumers also need access to Java for many banking and financial web sites (many of which are Java-based) and online gaming software. This leaves the customer vulnerable to becoming infected with malware. As always, we recommend changing the status of Java plug-ins in your browser to 'Notify' or 'Disabled' to avoid these exploits, which seem to be appearing more often in the wild recently.
Customers who choose not to outright disable Java (or the Java Runtime Environment) on their PC have the option of having the browser notify them when a Java applet is about to be executed and prompt them to allow or deny execution. This leaves the decision to run it or not to the user. If the user believes the web site is safe, they can allow the Java applet to run. But we know that even good sites can get compromised.
If the customer chooses neither to disable Java nor to be prompted when Java is going to run, then please ensure that they are running Total Defense Internet Security Suite. While the Total Defense Internet Security Suite will not fix the Java vulnerability, it will aid in detecting and cleaning certain malware that tries to exploit this vulnerability as well as malware that makes its way onto the PC.
If the customer is highly concerned and does not want Java to run in their browser, we have an easy way to block Java and other scripting languages using Total Defense Internet Security Suite. From within Internet Security Suite, navigate to MyInternet->UpdateSettings->BrowserProtection and enable the Mobile Code Control protection feature, which will block Java and other scripting languages from executing. The consequence of this is that functionality on certain websites (due to Java) will be disabled. Unfortunately, in this situation the tradeoff for being secure is less functionality on the website.
