RCS has taken steps to remove the last few remaining pieces of Java from its legacy music scheduler, Selector 15, citing recently stated „zero-day vulnerability“ security concerns.
Recent industry-wide publicity suggests that attackers may be able to use the zero-day vulnerability to execute arbitrary code on a machine. As a result, the attacker could not only compromise the machine, but also steal any data on the device, and turn it into a „node“ or „zombie PC“.
Although the amount of Java code is only a very small portion of Selector 15, RCS will replace it immediately with a more secure technology. No other RCS products use this technology.
Philippe Generali (RCS President/CEO) stated: „Java on client desktops has been problematic for some time. When it came time to design our next generation products like Zetta®, GSelector®, Aquira® and RCS News, we deployed more reliable technologies, which adhere to the security standards that our clients deserve. This move mops up a very small corner of our legacy scheduler immediately, rather than waiting for a Java fix that, according to some experts, might take two-years.“
Generali added, „As the world leader in broadcast software, we feel compelled to alert our clients to any vulnerability that could lead to a nefarious party taking control of a radio station.“
More Background Source Material:
Java’s security dilemma: Old, vulnerable versions won’t go away …InfoWorld January 21, 2014
Security experts on Java: Fixing zero-day exploit could take ‚two years‘ …ZDNet January 14, 2014
Homeland Security warns to disable Java amid zero-day flaw…ZDNet January 11, 2013