Endpoint Protection

 View Only
Expand all | Collapse all

Java Critical Flaw

John Santana

John SantanaSep 03, 2012 08:14 PM

  • 1.  Java Critical Flaw

    Posted Aug 27, 2012 04:40 PM

    Hello, has Symantec address this? Is this something that SEP can assist with or block?

    http://arstechnica.com/security/2012/08/critical-flaw-under-active-attack-prompts-calls-to-disable-java/



  • 2.  RE: Java Critical Flaw

    Posted Aug 27, 2012 04:54 PM

    Nothing yet.

    I would expect something soon though. You can disable java in the browser and block the domain.



  • 3.  RE: Java Critical Flaw

    Posted Aug 27, 2012 04:57 PM

    Can this or anything be done through SEP? I don't want to have to disable java on thousands of endpoints or explain to users how to do it and why they need to do it.



  • 4.  RE: Java Critical Flaw

    Posted Aug 27, 2012 05:42 PM

    You would need to create an ADC policy to essentially block java from loading.



  • 5.  RE: Java Critical Flaw
    Best Answer

    Trusted Advisor
    Posted Aug 28, 2012 03:36 AM

    Hello,

    Symantec is now Detecting this Threat as Java.Awetook.

    http://www.symantec.com/security_response/writeup.jsp?docid=2012-082715-0841-99&om_rssid=sr-latestthreats30days

    Java.Awetook exploits a zero-day vulnerability in the Java Runtime Environment (JRE) to escalate its privileges in order to download and run a malicious payload on the compromised computer.

    Here is the Latest BLOG from Symantec Security Response Team.

    New Java Zero-Day Vulnerability (CVE-2012-4681)

    https://www-secure.symantec.com/connect/blogs/new-java-zero-day-vulnerability-cve-2012-4681

    Here are Few Symantec BLOGs in respect to JAVA in the past 2 weeks.

    CVE-2012-1535: Adobe Flash Player Vulnerability Exploited with Multiple Emails

    https://www-secure.symantec.com/connect/blogs/cve-2012-1535-adobe-flash-player-vulnerability-exploited-multiple-emails

    Exploitation of Java Vulnerabilities

    https://www-secure.symantec.com/connect/blogs/exploitation-java-vulnerabilities

    Hope that helps!!



  • 6.  RE: Java Critical Flaw

    Posted Aug 30, 2012 04:06 AM

    Well can't blame Symantec and other AV vendor because Oracle only update quarterly and they rate this as low priority...

     

    lol



  • 7.  RE: Java Critical Flaw

    Trusted Advisor
    Posted Aug 30, 2012 05:00 AM

    Hello,

    Followers of this Thread may be interested in:

    Latest BLOG from Symantec Security Response Team.

    New Java Zero-Day Vulnerability (CVE-2012-4681)

    http://bit.ly/TnYqSq

    and now, Symantec has added detection of Trojan.Maljava!gen24 to it's List.

    Trojan.Maljava!gen24 is a heuristic detection used to detect threats associated with the Trojan.Maljava and Java.Awetook families.

    http://bit.ly/PNOUKa

    Hope that helps!!

     



  • 8.  RE: Java Critical Flaw

    Posted Aug 30, 2012 05:17 AM

    For Oracle Java SE Critical Patch Updates, the next three dates are:

    • 16 October 2012
    • 19 February 2013
    • 18 June 2013

     

     

     

    http://www.oracle.com/technetwork/topics/security/alerts-086861.html

     



  • 9.  RE: Java Critical Flaw

    Posted Aug 30, 2012 07:35 AM

    And the real kicker was Oracle was informed of these in April

     



  • 10.  RE: Java Critical Flaw

    Posted Aug 30, 2012 11:42 AM

    New Security Response blog about this: interesting........

    Java Zero-Day Used in Targeted Attack Campaign
     https://www-secure.symantec.com/connect/blogs/java-zero-day-used-targeted-attack-campaign



  • 11.  RE: Java Critical Flaw

    Posted Sep 03, 2012 12:08 AM

    Saw few articles saying Oracle already knew about this flaw being possibly exploited... seems they won't patch until somebody moan about it ;)

     

    Also the bug hunters said the out-of-band patch also flawed.....

     

    http://securitywatch.pcmag.com/none/302218-oracle-quietly-releases-emergency-java-patch

    http://reviews.cnet.com/8301-13727_7-57504640-263/new-vulnerabilities-found-in-latest-java-update/

     

     



  • 12.  RE: Java Critical Flaw

    Posted Sep 03, 2012 03:25 AM

    Yes, I wonder if this is exploits can be audited and prevented with the current SEPM v 12.1 RU1 MP1



  • 13.  RE: Java Critical Flaw

    Trusted Advisor
    Posted Sep 03, 2012 10:16 AM

    Hello,

    Here is the Latest BLOG added in reference to the Java 0-day

    Java 0-Day Coverage

    http://bit.ly/NHJhid

    Hope that helps!!



  • 14.  RE: Java Critical Flaw

    Posted Sep 03, 2012 08:14 PM

    Thanks all !