Mac OS X : Java for OS X 2013-005

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote host has a version of Java that is affected by multiple
vulnerabilities.

Description :

The remote Mac OS X 10.7 or 10.8 host has a Java runtime that is
missing the Java for OS X 2013-005 update, which updates the Java
version to 1.6.0_65. It is, therefore, affected by multiple security
vulnerabilities, the most serious of which may allow an untrusted Java
applet to execute arbitrary code with the privileges of the current
user outside the Java sandbox.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-13-244/
http://www.zerodayinitiative.com/advisories/ZDI-13-245/
http://www.zerodayinitiative.com/advisories/ZDI-13-246/
http://www.zerodayinitiative.com/advisories/ZDI-13-247/
http://www.zerodayinitiative.com/advisories/ZDI-13-248/
http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html
http://support.apple.com/kb/HT5982
http://www.nessus.org/u?74a1d7ee
http://www.securityfocus.com/archive/1/529239/30/0/threaded

Solution :

Apply the Java for OS X 2013-005 update, which includes version
14.9.0 of the JavaVM Framework.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial