Attackers are exploiting a new and unpatched vulnerability that affects the latest version of Java -- Java 7 Update 6, and it works against a fully patched Windows 7 SP1 with Java 7 Update 6, Mozilla Firefox on Ubuntu Linux 10.04, Internet Explorer / Mozilla Firefox / Chrome on Windows XP, Internet Explorer / Mozilla Firefox on Windows Vista and Windows 7, and Safari on OS X 10.7.4.
Version(s): Java 7 Update 6
Targeted attacks exploiting a zero-day Java vulnerability to deliver the Poison Ivy RAT onto the unsuspecting victims' machines
The vulnerability allows computers to be infected by simply visiting a specially crafted web page, and the malware served in the current attacks contacts a C&C server in Singapore.
Impact: A module that takes advantage of the vulnerability works against a fully patched Windows 7 SP1 with Java 7 Update 6.
A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
The vendor has a issued a fix Java SE 7u7.