Exploit:Java/CVE-2011-3521.A

Exploits for Java and Flash are nothing particularly new and are often patched up soon by the latest versions of the Java Runtime Environment. However, it is essential for computer users to be aware of the existence of dangers like the Exploit:Java/CVE-2011-3521.A exploit and to ensure that their software, operating system and security applications are fully updated in order to protect them from these kinds of attacks. Apart from ensuring that you have the latest version of Java, ESG malware analysts also recommend that you disable Java when you are not using it and that you set your security preferences so that Javascript is disabled for websites with which you may be unfamiliar. In fact, if you do not really need Java, ESG security analysts even recommend that you remove it from your computer system completely. The Exploit:Java/CVE-2011-3521.A can be used to install malicious files on the victim's computer that can do anything from steal your information, spy on your activity, or destroy your files.

Taking a Closer Look at the Exploit:Java/CVE-2011-3521.A Java Exploit

Vulnerabilities similar to Exploit:Java/CVE-2011-3521.A were extremely common when it was first released, but they have been consistently patched and fixed as soon as they are found. ESG security analysts at first thought that the Exploit:Java/CVE-2011-3521.A exploit can attack well-known Java vulnerabilities like CVE-2012-0506, which have been patched in the latest updates and had not been known to be exploited in the wild. The Exploit:Java/CVE-2011-3521.A seems not to have an effect on versions of Java that have already been patched (that is, after JRE6, update 31).

It seems that the Exploit:Java/CVE-2011-3521.A exploit is actually taking advantage of a deserialization vulnerability known as CVE-2011-3521. After this discovery in February of 2012, PC security analysts have taken steps to stop Exploit:Java/CVE-2011-3521.A attacks in the latest Java patch. Vulnerabilities like the ones exploited by the Exploit:Java/CVE-2011-3521.A exploit are known as "Type Confusion Vulnerabilities." These consist in "confusing" the Java Runtime Environment by exploiting how it classifies objects that are stored. In order to make Java more efficient, programmers have Java verify the type of object when it is stored so that it will not need to be checked repeatedly in order to verify its type. By "sneaking in" an object of another type, criminals can then create malicious applets that allow them to drop a file onto the victim's computer without the victim's authorization.