Oracle · Java · CVE-2008-3637
**Name of the Vulnerable Software and Affected Versions**
Java versions prior to the fixed version on Mac OS X 10.4.11, 10.5.4, and 10.5.5
**Description**
The issue is related to an error checking problem in the Hash-based Message Authentication Code (HMAC) provider in Java, which uses an uninitialized variable. This allows remote attackers to execute arbitrary code via a crafted applet.
**Recommendations**
For Java on Mac OS X 10.4.11, 10.5.4, and 10.5.5, update to a version that includes the fix for the HMAC provider issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.