First Java zero-day in two years exploited by Pawn Storm hackers

Another zero-day vulnerability is being exploited in attacks spotted in the wild: this time, the targeted software is Java.

The flaw was spotted by Trend Micro researchers, who are closely monitoring a targeted attack campaign mounted by the economic and political cyber-espionage operation Pawn Storm.

The existence of the flaw was discovered by finding suspicious URLs that hosted the exploit.

“The said URLs hosting the new Java zero-day exploit are similar to the URLs seen in the attack launched by the threat actors behind Pawn Storm that targeted North Atlantic Treaty Organization (NATO) members and White House last April 2015,” they explained.

In the current campaign, targets – a NATO member and a US defense organization – were directed towards these URLs via links in emails.

The exploit allows attackers to execute arbitrary code on target systems with default Java settings.

The flaw affects the latest Java version, but not older versions (v1.6 and 1.7). Oracle is working on a patch, but downgrading Java to one of the older versions is not a good idea because they are vulnerable to other attacks.

Disabling Java in your preferred browser is for now is a better option. Use a secondary browser with Java enabled to view sites you absolutely must visit and which require it.

Don't miss