(The Hosting News) – Security firm FireEye announced on Tuesday that it had discovered a key flaw in popular programming language Java. Known as “zero-day,” online hackers apparently used the vulnerability to lure in unsuspecting users, thus compromising their computer systems.
A number of web domains were used to carry out the hack attacks, according to the security firm. Nine of those domains originated in Russia while other countries of origin included the U.S., Germany and Romania.
“This morning we started getting the first indication of a large scale attack. So far we have observed over a dozen domains actively attacking systems with this exploit, and the count is increasing rapidly,” said the company via its blog.
Java developer Oracle has since responded to the vulnerability reports, releasing a patch on Thursday that supposedly corrects the problem.
So how did “zero-day” work? Oracle detailed how hackers could take advantage of the exploit to spread cyber attacks. “These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability. Successful exploits can impact the availability, integrity, and confidentiality of the user’s system,” commented the company.
By no means is this the first time that Java’s been used by hackers during security breaches. In April, a Mac-based Trojan called “SabPub” was notably used to target Mac OS X users.