Mac OS X : Java for Mac OS X 10.6 Update 10

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote host has a version of Java that contains methods that can
aid in further attacks.

Description :

The remote Mac OS X host is running a version of Java for Mac OS X
10.6 that is missing Update 10, which updates the Java version to
1.6.0_35. As such, it potentially contains two methods that do not
properly restrict access to information about other classes.
Specifically, the 'getField' and 'getMethod' methods in the
'sun.awt.SunToolkit' class provided by the bundled SunToolKit can be
used to obtain any field or method of a class - even private fields
and methods.

Please note this issue is not directly exploitable, rather it can aid
in attacks against other, directly exploitable vulnerabilities, such
as that found in CVE-2012-4681.

See also :

http://www.nessus.org/u?00370937
http://support.apple.com/kb/HT5473
http://lists.apple.com/archives/security-announce/2012/Sep/msg00000.html
http://www.securityfocus.com/archive/1/524112/30/0/threaded

Solution :

Upgrade to Java for Mac OS X 10.6 Update 10, which includes version
13.8.3 of the JavaVM Framework.

Risk factor :

None

Family: MacOS X Local Security Checks

Nessus Plugin ID: 61997 ()

Bugtraq ID: 55339

CVE ID: CVE-2012-0547

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial