More than a Billion Users Exposed to Java Zero-Day Exploit

More than a billion users worldwide are exposed to the Java Zero-Day flaws recently disclosed on underground forums, which can be exploited to execute arbitrary code on users’ machines.

Oracle’s platform is currently installed on 3 billion devices, but not all of them run the 7.1 version that is vulnerable to the exploit. The company patches Java every four months, and the next security update is scheduled on October 16.

Bitdefender Labs have already pleaded for the “three billion reasons for which Java should get an official update, yesterday,” in the form of a small graphic novel that starts with the story of an unsuspecting browser luring users with downloadable freebies.

“Now, if this reads to you as an advertisement for Metasploit, you may be in the wrong business,” BD Labs security experts said. “If on the other hand it’s making you question the Java update policy and wondering if it may be time for an unofficial patching framework to match, you might want to drop us a line.”

HotForSecurity wrote about the Java bug and its Metasploit and BlackHole exploits after spotting the news on the Rapid7 community. The exploitation method is being widely spread on the Internet and has already been integrated into two of the world’s most popular frameworks: Metasploit, a white-hat penetration-testing tool, and the Blackhole Exploit Pack, a malware toolkit renowned in the cyber-crook world.

Zero-day exploits are attacks that take advantage of previously unknown vulnerabilities in computer applications. The name refers to the fact that developers have had zero days to patch the vulnerability before it is exploited. Security specialists advise users to disable Java in their web browser or downgrade to an earlier version, such as Java 1.6, that is not affected by the flaw.

About the author

Bianca STANESCU

Bianca Stanescu, the fiercest warrior princess in the Bitdefender news palace, is a down-to-earth journalist, who's always on to a cybertrendy story. She's the industry news guru, who'll always keep a close eye on the AV movers and shakers and report their deeds from a fresh new perspective. Proud mother of one, she covers parental control topics, with a view to valiantly cutting a safe path for children through the Internet thicket. She likes to let words and facts speak for themselves.

2 Comments

  • I am a great fan of Bit Defender – wouldn’t be without it. If you are going to post the above on Facebook – and warnings are useful – could you do it in plain English so that the average Joe can understand just what the risk is. I appreciate you live in a hi-tech world, but many of us users are specialists in things other than IT, and the jargon and buzz phrases simply lose us!!!!
    Keep up the good work.

  • Hello, Guy, and thank you for your comment. The risk is less obvious now, as Oracle just released a patch to fix the Zero-Day vulnerabilities. If you haven’t already, you can update Java by visiting the official website. As for the IT language, we do our best at explaining security news to the average user, but some technical features can’t be completely omitted. Keep reading our blog for more HotForSecurity news & alerts! :)