As per researchers, malware in the current threat contacts a C&C server in Singapore. While reports confirm that the number of such attacks are low, steps will have to be taken to curb it before attackers and hackers exploit this further. In the current threat, the Poison Ivy Remote Access Trojan is being installed.
Another vulnerability management company, Rapid7, has also added the attack to its penetration testing framework. The vulnerability is most likely going to show up in the BlackHole exploit toolkit that is a popular threat on the Internet.
The regular software fixation schedule is due in October. However Oracle, which releases Java patches on quarterly basis, may have to plan for an out-of-cycle update. This is significant to ensure that hackers cannot take further disadvantage of the vulnerability.
A renowned security company, DeepEnd Security, has in the meanwhile suggested users to disable Java. However this is practically not feasible owing to the numerous corporations that rely on Java-based web applications. Hence, as an interim solution, some security experts are pitching for an unofficial patch for the program.
As per industry experts, the exploit impacts situations where Java sandbox is used like browser applets. The vulnerability does not affect the software when it is used in back-end systems for applications or websites.