Mac OS X : Java for OS X 2014-001

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote host has a version of Java installed that is affected by
multiple vulnerabilities.

Description :

The remote Mac OS X 10.7, 10.8, 10.9, or 10.10 host has a Java runtime
that is missing the Java for OS X 2014-001 update, which updates the
Java version to 1.6.0_65. It is, therefore, affected by multiple
security vulnerabilities, the most serious of which may allow an
untrusted Java applet to execute arbitrary code with the privileges of
the current user outside the Java sandbox.

Note that the Java for OS X 2014-001 update installs the same version
of Java 6 included in Java for OS X 2013-005.

See also :

http://support.apple.com/kb/HT6133
http://support.apple.com/kb/dl1572

Solution :

Apply the Java for OS X 2014-001 update, which includes version 15.0.0
of the JavaVM Framework.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false