Summary: Already the hacker’s tool of choice, the BlackHole exploit kit has seen its exploitation success rate soar from one in 10 to one in four since it added a recent Java zero-day.
Did you update your Java plug-in to Update 7 after the critical vulnerability discovered last week? You’d better wait!
Adam Gowdiak, CEO of Security Explorations, the Polish startup that discovered the Java SE 7 vulnerabilities (immediately exploited by cyber criminals), has found a new flaw that affects the patched version of Java released this Thursday. That patch was released outside Oracle’s regular update cycle, which provides for three updates per year: an uncommon event for the company, and one that shows how serious the security hole is.
Unluckily, history is repeating itself. Adam Gowdiak has told The Register that the just-released Java SE 7 Update 7 contains a flaw that could allow an attacker to bypass the Java security sandbox completely, making it possible to install malware or execute malicious code on affected systems.
Even more unluckily, history is repeating itself in full: as with the previous vulnerability, the bug was reported to Oracle in April 2012 and is, unfortunately, not yet patched.
At this point there is no choice but to disable Java in your favourite browser.
If you want to know whether your browser is vulnerable, you can check at the following link: http://www.isjavaexploitable.com/.
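An added example, not part of the original post nor the code behind isjavaexploitable.com: a small JavaScript check that reads a browser’s plug-in list (navigator.plugins in a real browser; a constructed sample here) and flags a Java SE 7 plug-in at Update 7 or older as still exposed, which is the point made above. The version-string formats and the plug-in names it recognises are assumptions.

```javascript
// Added example (not from the original post): inventory-style check of the
// browser plug-in list for a Java SE 7 plug-in at Update 7 or below.
// Per the post, Update 7 still carries an unpatched sandbox bypass, so such a
// plug-in is reported as exposed; the defensive action is to disable it.

// Parse the version formats assumed here: "1.7.0_07", "Java(TM) Platform SE 7 U7",
// and "Java 7 Update 5". Returns { major, update } or null if no Java version is found.
function parseJavaVersion(s) {
  let m = /1\.(\d+)\.\d+_(\d+)/.exec(s);          // "1.7.0_07"
  if (m) return { major: +m[1], update: +m[2] };
  m = /SE\s+(\d+)\s+U(\d+)/i.exec(s);               // "Java(TM) Platform SE 7 U7"
  if (m) return { major: +m[1], update: +m[2] };
  m = /Java\s+(\d+)\s+Update\s+(\d+)/i.exec(s);     // "Java 7 Update 5"
  if (m) return { major: +m[1], update: +m[2] };
  return null;
}

// Exposed means: Java SE 7 at Update 7 or older (the release the post discusses).
// Other major versions are outside the post's scope and are not judged here.
function isExposed(v) {
  if (!v) return false;                             // no Java plug-in: nothing to report
  return v.major === 7 && v.update <= 7;
}

// Assess a plug-in list. In a browser, call assessPlugins(navigator.plugins);
// the list is passed in so the function also runs offline and in tests.
function assessPlugins(plugins) {
  for (const p of plugins) {
    const v = parseJavaVersion(p.name + ' ' + (p.description || ''));
    if (v) return { javaFound: true, version: v, exposed: isExposed(v) };
  }
  return { javaFound: false, version: null, exposed: false };
}

// Constructed sample standing in for navigator.plugins on a machine that took Update 7.
const samplePlugins = [
  { name: 'Shockwave Flash', description: 'Shockwave Flash 11.4' },
  { name: 'Java(TM) Platform SE 7 U7',
    description: 'Next Generation Java Plug-in 10.7.2 for Mozilla browsers' },
];

const result = assessPlugins(samplePlugins);
console.log(result.javaFound
  ? `Java ${result.version.major} Update ${result.version.update} found; exposed: ${result.exposed}`
  : 'No Java plug-in found');
```

Whatever the check says, the post’s advice stands: a Java plug-in that is present at all is worth disabling until a real fix ships.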
Disable Java or Die!