F-Secure’s Timo Hirvonen has spotted a Java 6 Zero-Day in the wild that is exploiting the vulnerability, CVE-2013-2463, a few days after proof-of-concept code was published. He also indicated that the exploit has been integrated into the Neutrino exploit kit. Successful exploitation could allow an attacker to execute arbitrary code after tricking the victim into visiting a malicious web page. Readers are advised to update to Java 7 Update 25 if Java 6 is still deployed. Users that don’t require Java in their daily duties may consider uninstalling Java.
http://news.softpedia.com/news/Java-6-Zero-Day-Spotted-in-the-Wild-Users-Advised-to-Update-to-Java-7-378432.shtml
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2463
http://www.f-secure.com/weblog/archives/00002589.html
The Hackers New
- CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief
- Scanning Activity on Palo Alto Networks Portals Jump 500% in One Day
- Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer
- Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads
- Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL
- Product Walkthrough: How Passwork 7 Addresses Complexity of Enterprise Security
- New "Cavalry Werewolf" Attack Hits Russian Agencies with FoalShell and StallionRAT
- CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild
- Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware
- Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown