Mac OS X : Java for Mac OS X 10.6 Update 16

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote host has a version of Java that is affected by multiple
vulnerabilities.

Description :

The remote Mac OS X host has a version of Java for Mac OS X 10.6 that
is missing Update 16, which updates the Java version to 1.6.0_51. It
is, therefore, affected by multiple security vulnerabilities, the most
serious of which may allow an untrusted Java applet to execute
arbitrary code with the privileges of the current user outside the
Java sandbox.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-13-132/
http://www.zerodayinitiative.com/advisories/ZDI-13-151/
http://www.zerodayinitiative.com/advisories/ZDI-13-152/
http://www.zerodayinitiative.com/advisories/ZDI-13-153/
http://www.zerodayinitiative.com/advisories/ZDI-13-154/
http://www.zerodayinitiative.com/advisories/ZDI-13-155/
http://www.zerodayinitiative.com/advisories/ZDI-13-156/
http://www.zerodayinitiative.com/advisories/ZDI-13-157/
http://www.zerodayinitiative.com/advisories/ZDI-13-158/
http://www.zerodayinitiative.com/advisories/ZDI-13-159/
http://www.zerodayinitiative.com/advisories/ZDI-13-160/
http://archives.neohapsis.com/archives/fulldisclosure/2013-08/0209.html
http://archives.neohapsis.com/archives/fulldisclosure/2013-08/0274.html
http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html
http://support.apple.com/kb/HT5797
http://lists.apple.com/archives/security-announce/2013/Jun/msg00002.html
http://www.securityfocus.com/archive/1/526907/30/0/threaded

Solution :

Upgrade to Java for Mac OS X 10.6 Update 16, which includes version
13.9.7 of the JavaVM Framework.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true