Music scheduling software powerhouse RCS has taken steps to remove the last few remaining pieces of Java from its legacy music scheduler, Selector 15, citing recently stated “zero-day vulnerability” security concerns.
Recent industry-wide publicity suggests that attackers may be able to use the zero-day vulnerability to execute arbitrary code on a machine. As a result, the attacker could not only compromise the machine, but also steal any data on the device, and turn it into a “node” or “zombie PC”.
Although the amount of Java code is only a very small portion of Selector 15, RCS will replace it immediately with a more secure technology. No other RCS products use this technology.
Said RCS CEO Philippe Generali: “Java on client desktops has been problematic for some time. When it came time to design our next generation products like Zetta, GSelector, Aquira and RCSnews, we deployed more reliable technologies, which adhere to the security standards that our clients deserve. This move mops up a very small corner of our legacy scheduler immediately, rather than waiting for a Java fix that, according to some experts, might take two-years. As the world leader in broadcast software, we feel compelled to alert our clients to any vulnerability that could lead to a nefarious party taking control of a radio station.”
RBR-TVBR asked RCS VP/Marketing Dwight Douglas how RCS will remove the Java script: “They will simply re-write that small part of the program that creates clocks in the older Selector version and then send an update. We are lucky we didn’t use that as a programming platform.”
This is what ORACLE is sending out (and they own Java): http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html