New Java Zero Day Vulnerability – CVE (2013-0422)

A new Java zero day vulnerability has appeared in the wild. The vulnerability was originally posted on pastebin here.

The exploit was first reported on the malware.dontneedcoffe.com here with a detailed explanation, it has already been included in known exploit kits such as the Black Hole exploit kit.

The exploit has been assigned a Common Vulnerabilities and Exposures reference (CVE-2013-0422) see http://cve.mitre.org.

At present, the only workaround available are :

  • Disable Java entirely
  • If you don’t need Java, remove it from the system entirely

Cyberkryption advises to check to see if Java is installed on your machine as it is often installed by third party programs that require it, on Windows systems this can be done in the Control Panel.

There is a guide to disabling java in your web browser for PC & Mac based systems here. For Linux based systems, Cyberkryption recommends you check your distributions forums.

Regards

Cyberkryption

Comments are closed.