CTA: Malwarebiter.com

CTA: New Java Zero-Days

Update: Oracle has addressed the exploit known as CVE-2013-1493 with an emergency patch.  You can read about this patch on Oracle’s blog here.

URGENT: A few days ago we heard about yet another zero-day in Oracle Java from security firm FireEye.  The exploit targets java versions 6 and 7.  Details are

on the company’s malware blog.

Fireeye reports new Java zero-day

Fireeye reports new Java zero-day

ACTION: Unfortunately, a patch has not been released by Oracle.  Users should disable java in their browsers using the following instructions (courtesy of Sophos):

ABOUT THE AUTHOR

Joshua Cannell

Malware Intelligence Analyst

Gathers threat intelligence and reverse engineers malware like a boss.