The vulnerability exists in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier. The vendor quickly released a new version with a patch for the vulnerability. However, by default, Java SE checks for the latest version only once a month. This encourages hackers to keep exploiting the hole even though a patch has been available for a long time.
According to the Bkav Honeypot system, many viruses are being spread through this dangerous hole. Hackers build a website containing a malicious .jar file, then trick users into visiting that site.
An email used to trick users into accessing exploit links
Bkav recommends that users who have installed Java SE promptly update to the newest version. On Windows, the update can be done as follows:
- Click on Control Panel
- Click on the Java icon
- In the Java Control Panel window, choose the Update tab
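To confirm whether a machine still runs a version in the affected range before and after updating, the following added example (not Bkav's or Oracle's code) parses the legacy `java -version` banner and classifies it. It assumes the advisory's range means Java 7 with no update applied, or Java 6 Update 27 and earlier; the function names and sample banners are constructed for illustration.

```python
import re
import shutil
import subprocess

# Legacy banner format, e.g.: java version "1.6.0_27"
_BANNER = re.compile(r'version "1\.(\d+)\.0(?:_(\d+))?')

def parse_banner(text):
    """Return (major, update) from `java -version` output, or None."""
    m = _BANNER.search(text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)

def is_affected(major, update):
    """Assumed reading of the advisory: 7 (no update) or 6 Update 27 and earlier."""
    if major == 7:
        return update == 0
    if major == 6:
        return update <= 27
    return False  # other major versions are not named in the advisory

def check_banner(text):
    """Classify a banner as 'affected', 'not listed' or 'unknown'."""
    parsed = parse_banner(text)
    if parsed is None:
        return "unknown"
    return "affected" if is_affected(*parsed) else "not listed"

def local_banner():
    """Banner of the java on PATH (printed to stderr), or None if absent."""
    java = shutil.which("java")
    if java is None:
        return None
    proc = subprocess.run([java, "-version"], capture_output=True, text=True)
    return proc.stderr or proc.stdout

# Constructed sample banners, not taken from the advisory
SAMPLES = ['java version "1.6.0_27"', 'java version "1.6.0_29"',
           'java version "1.7.0"', 'java version "1.7.0_01"']

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_banner(sample))
    banner = local_banner()
    if banner:
        print("local java ->", check_banner(banner))
```

A result of "unknown" means the banner did not match the legacy `1.x.0_yy` format and should be reviewed by hand.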
* Oracle Java SE (Java Platform, Standard Edition) is an environment for running Java applications. It is now widely used around the world.