Today Palo Alto Networks issued an emergency content release (version 349) that addresses critical new vulnerabilities in the Java JRE as well as Adobe Reader. Exploits for the Java vulnerabilities have been observed in the wild in exploit kits such as Blackhole, which are key enablers of drive-by downloads of malware.
In addition to applying the content release, it is recommended that customers consider the following controls and safeguards:
- Tightly control the movement of .JAR files, especially from the Internet. JAR files are used to deliver the malware in these drive-by downloads, so policies should ensure that JAR files are accepted only from internal or highly trusted sources and are allowed to reach only Java-enabled systems that have a need for JAR files. Furthermore, consider blocking JAR files in unknown traffic or from high-risk or unknown URL categories.
- Disable Java in web browsers for end users who don’t have a requirement for Java. Users who do need Java should consider dedicating one browser to Java-enabled uses and using a separate, non-Java-enabled browser on the Internet.
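
An added example (not from the original post or from Palo Alto Networks) for the first recommendation: because a renamed file is still a JAR, it identifies JAR payloads by content and then applies the source and destination conditions listed above. The category names, function names and sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Hypothetical URL categories treated as "internal or highly trusted".
TRUSTED_CATEGORIES = {"internal", "trusted-vendor"}
CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of every Java class file

def looks_like_jar(data: bytes) -> bool:
    """Detect a JAR by content: a ZIP holding a manifest or real class files."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.filename.upper() == "META-INF/MANIFEST.MF":
                    return True
                if info.filename.endswith(".class"):
                    with zf.open(info) as member:
                        if member.read(4) == CLASS_MAGIC:
                            return True
    except zipfile.BadZipFile:
        pass  # not a ZIP archive at all, so not a JAR
    return False

def decide(data: bytes, url_category: str, dest_needs_java: bool) -> str:
    """Apply the two conditions from the advisory to one file transfer."""
    if not looks_like_jar(data):
        return "not-jar"  # outside this policy; other rules apply
    if url_category not in TRUSTED_CATEGORIES:
        return "block"    # unknown, high-risk or otherwise untrusted source
    if not dest_needs_java:
        return "block"    # destination has no need for JAR files
    return "allow"

def make_sample(jar: bool) -> bytes:
    """Build a constructed in-memory archive to exercise the checks."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if jar:
            zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
            zf.writestr("Demo.class", CLASS_MAGIC + b"\x00\x00\x00\x34")
        else:
            zf.writestr("notes.txt", "hello")
    return buf.getvalue()

if __name__ == "__main__":
    sample = make_sample(jar=True)  # delivered as "update.png" in this scenario
    for category, needs in [("unknown", True), ("internal", False), ("internal", True)]:
        print(category, needs, decide(sample, category, needs))
```

Matching on the archive's contents rather than the `.jar` extension keeps the rule effective when the file is served under another name or content type.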