Mac OS X : Java for Mac OS X 10.5 Update 3

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote host has a version of Java that is affected by multiple
vulnerabilities.

Description :

The remote Mac OS X 10.5 host is running a version of Java for Mac OS X
that is missing Update 3.

The remote version of this software contains several security
vulnerabilities in Java Web Start and the Java Plug-in. For instance,
they may allow untrusted Java Web Start applications and untrusted Java
applets to obtain elevated privileges. If an attacker can lure a user
on the affected host into visiting a specially crafted web page with a
malicious Java applet, he could leverage these issues to execute
arbitrary code subject to the user's privileges.

See also :

http://support.apple.com/kb/HT3437
http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html

Solution :

Upgrade to Java for Mac OS X 10.5 Update 3.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 35686 (macosx_java_10_5_update3.nasl)

Bugtraq ID: 32892

CVE ID: CVE-2008-2086
CVE-2008-5340
CVE-2008-5342
CVE-2008-5343