Write Once, Exploit Everywhere: FireEye Report Analyzes Four Widely Exploited Java Vulnerabilities
Over the last couple of decades, Java has become the lingua franca of software development, a near-universal platform that works across different operating systems and devices. With its βwrite once, run anywhereβ mantra, Java has drawn a horde of developers looking to serve a large user base as efficiently as possible.
Cyber attackers like Java for many of the same reasons. With a wide pool of potential targets, the platform has become the vehicle of choice for quickly dispersing lucrative crimeware packages.
In our continuing mission to equip security professionals against todayβs advanced cyber threats, FireEye has published a free report, βBrewing Up Trouble: Analyzing Four Widely Exploited Java Vulnerabilities.β The report outlines four commonly exploited Java vulnerabilities and maps out the step-by-step infection flow of exploits kits that leverage them.
Download the paper to learn more about these vulnerabilities:
- CVE-2013-2471, which allows attackers to override Javaβs getNumDataElements() method, leading to memory corruption.
- CVE-2013-2465,Β which involves insufficient bounds checks in the storeImageArray() function. This vulnerability is used by White Lotus and other exploit kits.
- CVE-2012-4681,Β which allows attackers to bypass security checks using the findMethod () function.
- CVE-2013-2423, whichΒ arises due to insufficient validation in the findStaticSetter () method, leading to Java type confusion. This vulnerability employed by RedKit and other exploits kits.
As explained in the paper, Javaβs popularity among the developers and widespread use in Web browsers all butΒ guarantees continuing interest from threat actors.
Motivated by the profits, cyber attackers are bound to adopt more intelligent exploit kits. And these attacks will continue to mushroom as more threat actors scramble for a piece of the crimeware pie.