Security Community Blog

Java 0-Day Coverage

Created: 30 Aug 2012 • Updated: 30 Aug 2012 • 7 comments
Brandon Noble

Greetings everyone.

We are still getting a lot of questions about Symantec's coverage of the most recent Java 0-Day. I thought I would take a moment to jot down a list of our current coverage for this event, and hopefully save everyone some time and hassle.

Current Coverage:

Not-Coverage

  • 25431 - Web Attack: Malicious JAR File Download 6
    Although this signature was updated recently, it does not provide additional protection specific to this vulnerability.
    This was reported incorrectly for a short time in the Security Response blog, but has since been corrected.

2nd 0-day??

There has been some mention of a second Java 0-day, but this seems to be a matter of semantics. The exploit requires both to actually function, so most researchers are considering them a single vulnerability. This may change, but it's where we are currently at.

That said, all the coverage information above still holds true.

http://threatpost.com/en_us/blogs/researchers-iden...
http://www.informationweek.com/security/vulnerabil...

Security Response Blogs:

New Java Zero-Day Vulnerability (CVE-2012-4681)
Java Zero-Day Used in Targeted Attack Campaign

Comments

Srikanth_Subra

Hi,

As per this post, as of now it is not recommended to download and install Java?

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

John Santana

Hm... Can SEP v 12.1 prevent this issue?

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

Brandon Noble

@Srikanth

Patching the vulnerable application is ALWAYS to be preferred.

@John

In my post you will find the links to the IPS signatures. Those are deployed through IPS in SEP 12.1. So, yes, you are protected as long as you have the IPS component installed.

If not, then why not? :)

Brandon Noble
ESS Incident Response Officer
Security Response Liaisons
Symantec Corporation 
www.symantec.com

Brandon Noble

Update [August 30, 2012] -

Java Zero-Day Used in Targeted Attack Campaign

ALSO

Oracle has issued a patch: Java SE 7 Update 7 for CVE-2012-4186.
Users are advised to download the latest update.

Brandon Noble
ESS Incident Response Officer
Security Response Liaisons
Symantec Corporation 
www.symantec.com

John Santana

Ah ok, yes it seems that I have IPS enabled on all of my SEP clients as at below.

but my servers only got the Virus and Spyware protection :-|

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

Brandon Noble

@John

Proactive Threat Protection or PTP updates on a non-standard schedule.

You can find the current definitions date for all the technologies here:
http://www.symantec.com/security_response/definiti...

This is a good one to bookmark!

Also, please note we had a few issues with the site not reflecting the accurate date for PTP defs last week. You can see my responses to the following post for more info on that:
PTP not updating all other definitions are uptodate

Brandon Noble
ESS Incident Response Officer
Security Response Liaisons
Symantec Corporation 
www.symantec.com

John Santana

Thank you for the clarification, Brandon!

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.
