New Java Exploit: A Cup Half Empty

The media doomsayers with their calls for PC users to disable Java in the wake of a vulnerability identified last Thursday were chilling. Now that Oracle has released a JDK 7 update that addresses the Java vulnerability (which made the media rounds almost as fast as it was picked up by the exploit kits), it’s time to chill. Software is and will continue to be vulnerable.

Mat Honan’s note in SANS NewsBites summed it up best: “It seems each time a zero day exploit is found in software, be that Java or otherwise, the industry pundits recommend that people stop using that software. New vulnerabilities will always be discovered in the software we use. If our best defense to a threat is to cause a denial-of-service on ourselves, then this in the long term is a no-win strategy for us as an industry. We need to be looking at better ways to defend our systems and data; one good place to start is the 20 Critical Security Controls.”

Follow the prevailing guidance to disable Java if you don’t need it, but what about the next zero-day? The folks over at SANS shared Immunity’s analysis of the Java MBeanInstantiator.findClass vulnerability. Three interesting observations: JDK 6 and likely 5 are both vulnerable; other sandboxed runtime environments with rich APIs have similar risks; and this vulnerability was already being widely exploited for mass malware installation in advance of its disclosure.


More doom? No, but a clear call for approaches that help mitigate such threats. Bit9’s trust-based approach to application control and whitelisting can help contain any damage, whether it starts inside a sandbox or with a native application. You don’t need to disable Java; you need to prevent the malware that exploits this (and the inevitable next) vulnerability from running. That’s exactly what we do.

Bit9 can track all the Java files (and all the other applications) in your environment. Those you trust are allowed to run; those you don’t are blocked. If you haven’t turned on support for tracking Java in Bit9, then you’re missing part of your best defense.
