Mac OS X : Java for Mac OS X 10.6 Update 6

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.


Synopsis :

The remote host has a version of Java installed that is affected by
multiple vulnerabilities.

Description :

The remote Mac OS X host is running a version of Java for Mac OS X
10.6 that is missing Update 6, which updates the Java version to
1.6.0_29. It is, therefore, affected by multiple security
vulnerabilities, the most serious of which may allow an untrusted Java
applet to execute arbitrary code with the privileges of the current
user outside the Java sandbox.

See also :

http://support.apple.com/kb/HT5045
http://www.securityfocus.com/archive/1/520435/30/0/threaded
https://www.imperialviolet.org/2011/09/23/chromeandbeast.html
https://www.openssl.org/~bodo/tls-cbc.txt

Solution :

Upgrade to Java for Mac OS X 10.6 Update 6, which includes version
13.6.0 of the JavaVM Framework.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true