Vulnerabilidade crítica no Java
Attack targeting critical Java bug added to hack-by-numbers exploit kit
On Monday night, about 24 hours after the vulnerability became public, attack code exploiting it was added to BlackHole, an exploit kit sold in underground forums, security researchers said. A quick inspection of the BlackHole attack by antivirus provider F-Secure found it used many of the same coding conventions contained in a proof-of-concept exploit published earlier by security researcher Joshua Drake. It also added to the Metasploit exploit framework used by penetration testers and hackers.
"There being no latest patch against this, the only solution is to totally disable Java," F-Secure researchers wrote. "Since this is the most successful exploit kit + zero-day... que horror. Please, for the love of your computer disable Java on your browser."
Researchers from Symantec on Tuesday reported two websites that are actively wielding the exploit, up from the single site discovered on Sunday.
Artigo completo na ArsTechnica