Mac OS X : Java for OS X 2012-005

This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.

Synopsis :

The remote host has a version of Java that contains methods that can
aid in further attacks.

Description :

The remote Mac OS X 10.7 or 10.8 host is running a version of Java
for Mac OS X that is missing update 2012-005, which updates the Java
version to 1.6.0_35. As such, it potentially contains two methods
that do not properly restrict access to information about other
classes. Specifically, the 'getField' and 'getMethod' methods in the
'sun.awt.SunToolkit' class provided by the bundled SunToolKit can be
used to obtain any field or method of a class - even private fields
and methods.

Please note this issue is not directly exploitable, rather it can aid
in attacks against other, directly exploitable vulnerabilities, such
as that found in CVE-2012-4681.

See also :

Solution :

Apply the Java for OS X 2012-005 update, which includes version 14.4.0
of the JavaVM Framework.

Risk factor :


Family: MacOS X Local Security Checks

Nessus Plugin ID: 61998 ()

Bugtraq ID: 55339

CVE ID: CVE-2012-0547

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now