Mac OS X : Java for Mac OS X 10.7 Update 1

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote host has a version of Java that is affected by multiple
vulnerabilities.

Description :

The remote Mac OS X host is running a version of Java for Mac OS X
10.7 that is missing Update 1, which updates the Java version to
1.6.0_29. As such, it is affected by several security vulnerabilities,
the most serious of which may allow an untrusted Java applet to
execute arbitrary code with the privileges of the current user outside
the Java sandbox.

See also :

http://support.apple.com/kb/HT5045
http://www.securityfocus.com/archive/1/520435/30/0/threaded

Solution :

Upgrade to Java for Mac OS X 10.7 Update 1, which includes version
14.1.0 of the JavaVM Framework.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true