Detections
Analytics
Mac OS X : Java for OS X 2012-006
critical Nessus Plugin ID 62595
Language:
Synopsis
The remote host has a version of Java that is affected by multiple vulnerabilities.Description
The remote Mac OS X 10.7 or 10.8 host has a Java runtime that is missing the Java for OS X 2012-006 update, which updates the Java version to 1.6.0_37. It is, therefore, affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.Solution
Apply the Java for OS X 2012-006 update, which includes version 14.5.0 of the JavaVM Framework.See Also
http://support.apple.com/kb/HT5549
http://lists.apple.com/archives/security-announce/2012/Oct/msg00001.html
Plugin Details
Severity: Critical
ID: 62595
File Name: macosx_java_2012-006.nasl
Version: 1.18
Type: local
Agent: macosx
Family: MacOS X Local Security Checks
Published: 10/17/2012
Updated: 11/27/2023
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.0
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:apple:java_1.6
Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/16/2012
Vulnerability Publication Date: 10/16/2012
Exploitable With
Metasploit (Sun Java Web Start Double Quote Injection)
Reference Information
CVE: CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5086, CVE-2012-5089
BID: 55501, 56025, 56033, 56039, 56046, 56051, 56055, 56058, 56059, 56061, 56063, 56065, 56071, 56072, 56075, 56076, 56080, 56081, 56083
APPLE-SA: APPLE-SA-2012-10-16-1