CVE-2008-3637

Name of the Vulnerable Software and Affected Versions Java versions prior to the fixed version on Mac OS X 10.4.11, 10.5.4, and 10.5.5

Description The issue is related to an error checking problem in the Hash-based Message Authentication Code (HMAC) provider in Java, which uses an uninitialized variable. This allows remote attackers to execute arbitrary code via a crafted applet.

Recommendations For Java on Mac OS X 10.4.11, 10.5.4, and 10.5.5, update to a version that includes the fix for the HMAC provider issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.