On hacking forums, there was “good news”, which added a new set of powerful Blackhole exploit for the latest Java-vulnerability CVE-20120-0507, which allows you to bypass the sandbox mechanism for Java, reported by Brian Krebs .
Java-exploits today are the most effective “weapons of mass destruction” . According to statistics from various sources (Phoenix, Blackhole), is the most effective exploits on the number of infected users.
At the same time Blackhole – the most popular program on the market. According to statistics, II floor. 2011 , Blackhole become a source of 95.1% of all malicious URL, registered during the reporting period. Thus, the appearance in his new arsenal of effective weapons is a serious security threat to users who do not put the latest patches for Java (and most of these).
According to experts, leadership Blackhole on the market made ??possible by the great work done by the authors of this tool. They carefully monitor all new vulnerabilities and promptly update the tool most relevant and effective exploits. It appeared in the Blackhole more than half of the most popular and effective exploits that come out in the II floor. 2011, including serious bugs in the products of Adobe, Java and Microsoft. Now developers Blackhole again confirmed her high class to include a program for Java-exploit vulnerabilities CVE-20120-0507, details of which were published recently. A week ago, experts from Microsoft to report the discovery of the first examples of code that can be the basis for a reliable Java-exploit, and now he has appeared.
In this case, bypassing the sandbox JRE is due to vulnerabilities in AtomicReferenceArray, then there is a vulnerability in a component of logic, rather than damage to memory, so this exploit will work much more reliably on all systems.