Monday, December 12, 2011

Exploit Kit Intelligence: Blackhole 1.2.1 & Java

Building on top of the reports by Brain Kerbs over at Krebs on Security....

Steven over at the XyliBox blog outlines the recent update to the Blackhole Exploit Kit.
BlackHole 1.2.1:
1. Added Java Rhino exploit [CVE-2011-3544], working silently on all browsers and OS, this increased success rate.
2. Java SMB, Java Skyline, Java Trust removed for no need (Java Rhino covers the whole range of vulnerable JRE from these exploits)
According to just the single instance of Blackhole outlined by Steven, the CVE-2011-3544 exploit was responsible for over 83% of the successful infections made by this specific kit. That is huge!

PDF exploits followed Java with just 11% of the successful hits. Very likely due to Adobe works to harden Adobe X against PDF exploitation.


CVE-2011-3544: Oracle Java Applet Rhino Script Engine Remote Code Execution


Oracle Java SE Critical Patch Update Advisory - October 2011
This Critical Patch Update contains 20 new security fixes for Oracle Java SE - including CVE-2011-3544.
Users are recommended to update to Java 6 Update 29 or Java 1 Update 1 to close the CVE-2011-3544 vulnerability.

No comments:

Post a Comment