IDG News Service – (International) Unpatched Java vulnerability exploited in Blackhole-based attacks. Attacks targeting an unpatched vulnerability in the latest versions of Java 7 have become widespread after an exploit for the new flaw was integrated into the popular Blackhole attack toolkit, according to security researchers from antivirus vendor Kaspersky Lab. ―The first victim regions to be hit with the Blackhole stuff were the U.S., the Russian Federation, Belarus, Germany, the Ukraine and Moldova, a Kaspersky researcher said August 28 in a blog post. After a reliable exploit for the new Java vulnerability — now identified as CVE-2012-4681 — was released August 27, many researchers warned that cybercriminals would soon start targeting the flaw on a large scale. Kaspersky’s new report shows that the toolkit’s customers have already started using it. ―Oracle needs to step it up and deliver an OOB [out-of-band] patch, which historically they have failed to do, the Kaspersky researcher said.
Ali Loney, on August 28, 2012