Mac OS X : Java for Mac OS X 10.6 Update 3

This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.


Synopsis :

The remote host has a version of Java that is affected by multiple
vulnerabilities.

Description :

The remote Mac OS X host is running a version of Java for Mac OS X
10.6 that is missing Update 3.

The remote version of this software contains several security
vulnerabilities, including some that may allow untrusted Java applets
or applications to obtain elevated privileges and lead to execution of
arbitrary code with the privileges of the current user outside the
Java sandbox.

See also :

http://support.apple.com/kb/HT4417
http://lists.apple.com/archives/security-announce/2010/Oct/msg00000.html

Solution :

Upgrade to Java for Mac OS X 10.6 Update 3 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 50073 (macosx_java_10_6_update3.nasl)

Bugtraq ID: 36935
40235
44277
44279

CVE ID: CVE-2009-3555
CVE-2010-1321
CVE-2010-1826
CVE-2010-1827