Threat Research & Response Blog
Over the last few months we have seen a drastic increase in Java-based malware abusing CVE-2012-0507, a type-confusion vulnerability in AtomicReferenceArray. In addition, a few weeks ago a new Java vulnerability was found (CVE-2012-1723); it is also a type-confusion vulnerability, and attacks abusing it are already very active.
Traditionally, Java has had a strong security model, but a type-confusion vulnerability breaks that model easily. Type confusion occurs when the Java Runtime Environment's type-safety checks fail to reject a value of one type that is supplied to an instruction expecting a different type, so code ends up treating an object as something it is not. This is very dangerous. For example, certain core Java classes, such as ClassLoader, can be the target of this attack: once their type safety is broken, an attacker can reach methods that were never meant to be accessible from outside the class. Violating the type safety of such a class ultimately leads to a compromise of the Java sandbox.
The most effective measure against these vulnerabilities is updating your Java installation. To check the version of the JRE your browser is running, visit the following link:
If you see a message like the following, you need to upgrade your Java installation, because you are vulnerable to Java-based malware infections. The page provides a link to the latest JRE installer, as seen in the image below.
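For administrators who would rather check from a script than from a browser page, here is an added example (not part of the original post) that parses the output of `java -version` and flags JREs older than the updates that shipped the fix for CVE-2012-1723. The threshold values (Java 6 Update 33 and Java 7 Update 5, from Oracle's June 2012 Critical Patch Update) and the sample version strings are assumptions constructed for this example; confirm them against Oracle's advisory for your platform before relying on them.

```python
import re
import subprocess

# Minimum update levels assumed to contain the fix for CVE-2012-1723 (which
# also postdate the fix for CVE-2012-0507). Assumption for this example;
# verify against Oracle's June 2012 Critical Patch Update for your platform.
MIN_PATCHED = {6: 33, 7: 5}

# `java -version` prints lines such as:  java version "1.7.0_04"
_VERSION_RE = re.compile(r'(?:java|openjdk) version "1\.(\d+)\.\d+(?:_(\d+))?"')

# Constructed sample output of an out-of-date JRE, used for the offline check.
SAMPLE_OLD = (
    'java version "1.7.0_04"\n'
    'Java(TM) SE Runtime Environment (build 1.7.0_04-b22)\n'
    'Java HotSpot(TM) Client VM (build 23.0-b21, mixed mode, sharing)\n'
)


def parse_java_version(output):
    """Return (major, update) from `java -version` output, e.g. (7, 4) for
    'java version "1.7.0_04"'. Returns None when no version line is found."""
    m = _VERSION_RE.search(output)
    if not m:
        return None
    major = int(m.group(1))
    update = int(m.group(2)) if m.group(2) else 0
    return major, update


def is_vulnerable(output):
    """True when the JRE described by `output` should be updated, disabled or
    removed. Unparseable output and major versions not in MIN_PATCHED
    (e.g. Java 5, which no longer receives fixes) are treated as vulnerable
    rather than silently passed."""
    parsed = parse_java_version(output)
    if parsed is None:
        return True
    major, update = parsed
    if major not in MIN_PATCHED:
        return True
    return update < MIN_PATCHED[major]


def check_installed_java():
    """Run the real `java -version` on this machine. Its output goes to
    stderr, so both streams are combined before parsing."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True,
                              text=True, check=False)
    except FileNotFoundError:
        return None, "no java executable on PATH"
    output = proc.stdout + proc.stderr
    return is_vulnerable(output), output.strip()


if __name__ == "__main__":
    # Offline demonstration on the constructed sample, then the live check.
    print("sample:", parse_java_version(SAMPLE_OLD), "vulnerable:", is_vulnerable(SAMPLE_OLD))
    vulnerable, detail = check_installed_java()
    print("installed JRE vulnerable:", vulnerable)
    print(detail)
```

The script only inspects whichever `java` is first on the PATH; a machine with several JREs installed (common on Windows) needs each installation's `bin\java.exe` checked, or the Control Panel view described in the next step.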
If you prefer, you can also disable your current Java Plug-in temporarily so that you are no longer exposed to Java-based threats. To do this on Windows, open "Control Panel" and select "Java". When the "Java Runtime Environment Settings" dialog box appears, select the "Java" tab and click the "View" button. You will see a list similar to the following.
Simply uncheck the "Enabled" check box to stop that installation from being used by the Java Plug-in and Java Web Start. A detailed description of this dialog box is available here. Although you can also disable the Java Plug-in on a per-browser basis, this method is the most effective way to disable the Java Plug-in system-wide.
For the Mac OS X platform, the method to disable the Java Plug-in for Safari is available here:
If you don't use the Java Plug-in or any other Java-based applications at all, you can remove the JRE itself by following the instructions at the link below:
So, by following a few simple steps, you can protect your machine from these infections by choosing to update, disable, or uninstall. All of these are effective against the currently prevalent Java-based malware; it is up to you to choose the right method based on your needs and situation.
Jeong Wook (Matt) Oh, MMPC