Detections
Analytics
Mac OS X : Java for Mac OS X 10.6 Update 11
critical Nessus Plugin ID 62594
Language:
Synopsis
The remote host has a version of Java that is affected by multiple vulnerabilities.Description
The remote Mac OS X host has a version of Java for Mac OS X 10.6 that is missing Update 11, which updates the Java version to 1.6.0_37. It is, therefore, affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.Solution
Upgrade to Java for Mac OS X 10.6 Update 11, which includes version 13.8.5 of the JavaVM Framework.See Also
http://support.apple.com/kb/HT5549
http://lists.apple.com/archives/security-announce/2012/Oct/msg00001.html
Plugin Details
Severity: Critical
ID: 62594
File Name: macosx_java_10_6_update11.nasl
Version: 1.18
Type: local
Agent: macosx
Family: MacOS X Local Security Checks
Published: 10/17/2012
Updated: 11/27/2023
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.0
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:apple:java_1.6
Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/16/2012
Vulnerability Publication Date: 10/16/2012
Exploitable With
Metasploit (Sun Java Web Start Double Quote Injection)
Reference Information
CVE: CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5086, CVE-2012-5089
BID: 55501, 56025, 56033, 56039, 56046, 56051, 56055, 56058, 56059, 56061, 56063, 56065, 56071, 56072, 56075, 56076, 56080, 56081, 56083
APPLE-SA: APPLE-SA-2012-10-16-1