Symantec is investigating reports that a zero-day vulnerability in Java is being exploited in a limited number of attacks. Oracle, the developer behind Java, has yet to release a patch or comment on the vulnerability. The vulnerability is reported to be exploitable by way of drive-by-download on the latest version of Java (126.96.36.199). Symantec regards this vulnerability as critical since Java is a widely used platform.
The attackers behind this zero-day vulnerability have been linked to the APT group Operation Pawn Storm (also known as APT28, Sednit, Fancy Bear, or Tsar Team).
This is the first Java zero-day reported since 2013; however, a vulnerability in this widely used platform does pose a significant risk.
While no patch has been issued for the vulnerability, users who are concerned about this issue can temporarily disable Java in the browser by following these steps:
Symantec customers are protected against the payload reportedly being dropped by this zero-day vulnerability with the following detections:
Intrusion Prevention System