YAJZE: Yet another Java Zero-Day Exploit (Update)

Unfortunately, it is really the case to say that Java has “yet another zero-day exploit”.

The latest version of Java, v7 Update 10 is affected and currently there is no plan for a patch. The vulnerability which is already used in online attacks is a code injection onto a fully patched Windows system running the affected Java version. It is not known yet if other versions of Java are affected. In order to get affected, somebody has to visit a website running the exploit applet which performs the code injection.

Here you can test if you have Java active in your browser: http://java.com/en/download/installed.jsp

If in the meantime you re-activated the Java plugin in your  browser since the last zero-day exploit at the end of August 2012, here is how to deactivate it again:

  • Deactivate the Java plugin in Chrome
  • Deactivate the Java plugin in Firefox
  • Deactivate the Java plugin in Safari
  • Deactivate the Java plugin in IE: it is very tricky. I will write a detailed article about how to do this. Don’t simply think that by deactivating the plugin in the Add-ons list of IE does the job, as anybody would expect. Until then, please uninstall Java from your system through “Programs and features” or “Add and remove Programs”. Note that this will make Java unavailable for all browsers.
  • Starting with Java v7 Update 10 there is a new security feature added to Java. You can disable Java through the Java Control Panel in all browsers. Here is a detailed how-to from Java.com.

All Avira products detect such exploits under the names: EXP/Java.AL, EXP/Java.AM, EXP/Java.AN, EXP/Java.AO, EXP/CVE-2013-0422.A, EXP/CVE-2013-0422.B, EXP/CVE-2013-0422.C

Saturday, January 12, 9AM: Avira released the update of the scanning engine which detects all variants of the exploit as EXP/CVE-2013-0422.

Looking for the German version of this post?

Sorin Mustaca

IT Security Expert