From vendor:
Symantec is aware and has reported on the technical details surrounding Java’s recent Zero Day, which allows criminals to install malware on computers of affected users who visit compromised websites: Java Zero-Day Dished Up from Cool Exploit Kit and Additional Protection for Recent Java Zero-Day
The United States Department of Homeland Security advised users to disable Java in their browsers until Oracle released a patch for this vulnerability. Oracle reported it released a patch on Sunday, Jan. 13, to address this vulnerability.
Symantec customers are protected against this vulnerability. Symantec detects JAR files served up by the various exploit kits as Trojan.Maljava and has further protection in place with Trojan.Maljava!gen26. Additionally, Symantec has released the following IPS signatures to proactively block the malicious JAR files associated with these exploit attempts:
· Web Attack: Exploit Toolkit Website 15
· 26102 - Trojan.Ransomlock.G Download
· 25738 - Web Attack:Malicious JAR File Download 11
· 26084 - Web Attack: Cool Exploit Kit Website
· 26250 - Web Attack: Cool Exploit Kit PDF Download
· 26364 - Web Attack: Malicious Java Download CVE-2013-0422
· 26357 - Web Attack: Java JMX RCE CVE-2013-0422
· 26358 - Web Attack: Java JMX RCE CVE-2013-0422 2
By blocking the JAR files containing the exploit, downloading and execution of additional malicious files will not occur.
Q. Has Oracle acted quickly/responsibly in dealing with this issue?
A. As far as we are aware, Oracle was informed of the exploit on Thursday the 10th. A patch was made available three days later on the 13th. That is a very quick turnaround time to respond, discover exactly how the flaw works, fix it, test it and then deploy it.
Q. Aside from just patching Java now, what should users do to protect against the risks that may be associated with Java?
A. As with all browser plug-ins that may be vulnerable to exploits, users need to keep them up-to-date; and most importantly, only enable those plug-ins on trusted.
Q. Does Symantec recommend that users disable Java from their browsers?
A. No. Symantec is not recommending disabling Java. Symantec has protection in place to protect users. However, should a user not require Java for everyday use, it wouldn’t hurt as an extra precautionary measure to disable Java temporarily and then enable it again when needed.