News and Notes from the Makers of Nexus | Sonatype Blog

New Java Exploit To Debut In BlackHole Exploit Kits

Written by Ali Loney | July 10, 2012

While this appeared on our Security feed last week, it's important enough to reblog this as it affects just about everyone who is running Nexus. If you haven't yet applied the latest Java patch from Oracle, it's time to do so...because it is starting to show up in rootkits. While our Insight product isn't specifically designed to intercept JVM-level vulnerabilities, it will catch insecure libraries in your applications, learn more about Insight today.

Krebs on Security – (International) New Java exploit to debut in BlackHole exploit kits. Malicious computer code that leverages a newly-patched security flaw in Oracle’s Java software was set to be deployed late the week of July 2 to cyber criminal operations powered by the BlackHole exploit pack. The attack may be related to an exploit published for CVE-2012-1723 in mid-June. However, according to the current vendor of the BlackHole exploit pack, the exact exploit for this vulnerability has only been shared and used privately to date. The BlackHole author said the new Java attack was to be included in a software update made available July 8 to all paying and licensed users of BlackHole.

Source: http://krebsonsecurity.com/2012/07/new-java-exploit-to-debut-in-blackhole-exploit-kits/