Mac OS X : Java for Mac OS X 10.6 Update 4

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote host has a version of Java that is affected by multiple
vulnerabilities.

Description :

The remote Mac OS X host is running a version of Java for Mac OS X
10.6 that is missing Update 4. As such, it is affected by several
security vulnerabilities, the most serious of which may allow an
untrusted Java applet to execute arbitrary code with the privileges of
the current user outside the Java sandbox.

See also :

http://support.apple.com/kb/HT4562
http://lists.apple.com/archives/security-announce/2011/Mar/msg00001.html

Solution :

Upgrade to Java for Mac OS X 10.6 Update 4 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true