Monday, December 12, 2011

Exploit Kit Intelligence: Blackhole 1.2.1 & Java

Building on top of the reports by Brian Krebs over at Krebs on Security....

Steven over at the XyliBox blog outlines the recent update to the Blackhole Exploit Kit.
BlackHole 1.2.1:
1. Added Java Rhino exploit [CVE-2011-3544], working silently on all browsers and OS, this increased success rate.
2. Java SMB, Java Skyline, Java Trust removed for no need (Java Rhino covers the whole range of vulnerable JRE from these exploits)
According to just the single instance of Blackhole outlined by Steven, the CVE-2011-3544 exploit was responsible for over 83% of the successful infections made by this specific kit. That is huge!

PDF exploits followed Java with just 11% of the successful hits. This is very likely due to Adobe's work to harden Adobe X against PDF exploitation.

------------------------------------------------------------------------

CVE-2011-3544: Oracle Java Applet Rhino Script Engine Remote Code Execution
http://schierlm.users.sourceforge.net/CVE-2011-3544.html

------------------------------------------------------------------------

Oracle Java SE Critical Patch Update Advisory - October 2011
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
This Critical Patch Update contains 20 new security fixes for Oracle Java SE - including CVE-2011-3544.
Users are recommended to update to Java 6 Update 29 or Java 1 Update 1 to close the CVE-2011-3544 vulnerability.
