As we’ve discussed in previous posts, we are seeing more malware abusing Java issues, including CVE-2012-4681. Currently this vulnerability is a 0-day, and to date there is no patch available from the vendor. It is known that JRE (Java Runtime Environment) 7 is vulnerable to attack on this sandbox-breach vulnerability, while JRE 6 is not. We’ve already talked about increasing your protections from Java malware in general, whether by checking to confirm that your Java installation is up to date or by, if you so choose, disabling the Java plug-in for your browser. In the case of CVE-2012-4681-exploiting malware, updating to the latest version doesn’t increase one’s protection from the issue.
If, after evaluating the available information on current threats, you decide that disabling the Java web plug-in is the right choice for you, we have step-by-step instructions for doing so in Knowledge Base article 2751647. Note that because Java can be invoked in two different ways by Internet Explorer, the KB article includes two sets of instructions – one for the applet object and one for the Java Virtual Machine object. Customers looking to fully disable the plug-in should configure both security controls. If you prefer to undertake these changes by running a script, we’ve written one that encompasses both sets of steps, and that is available here.
Update 08/30/2012 PST: Java released an update that addresses the vulnerability discussed here; you can download the update from here.
It may be necessary to remove older versions of Java that are still present. Keeping old and unsecure versions of Java on your system presents a serious security risk. To read more about why you should remove older versions of Java, see the advice here.
Jeong Wook (Matt) Oh