RCS has taken steps to remove all Java from its legacy software citing recently stated « zero-day vulnerability » security concerns. When we say our software is « Java-free », we are saying that by using RCS software, you can rest easy and know you are not at risk by using that programming platform. We don’t use it.
Recent industry-wide publicity suggests that attackers may be able to use the zero-day vulnerability to execute arbitrary code on a machine. As a result, the attacker could not only compromise the machine, but also steal any data on the device, and turn it into a « node » or « zombie PC ».
Philippe Generali (RCS President/CEO) stated: « Java on client desktops has been problematic for some time. When it came time to design our next generation products like Zetta®, GSelector®, Aquira® and RCS News, we deployed more reliable technologies, which adhere to the security standards that our clients deserve. This move mops up a very small corner of our legacy scheduler immediately, rather than waiting for a Java fix that, according to some experts, might take two-years. »
Generali added, « As the world leader in broadcast software, we feel compelled to alert our clients to any vulnerability that could lead to a nefarious party taking control of a radio station. »
EVP of Technology and Development at RCS, Chip Jellison explains what this all means: « We have seen a great deal of news about the insecurities around Java lately, and we know that our client’s use of our software is mission critical. For every product from RCS, besides Selector 15, there was never a need for Java to be installed on your computer. »
Jellison continued, « There was never vulnerability with our Classic Windows®-based Selector 15, but there was only one area where Java was employed to display pie charts. The code didn’t create a vulnerability, but having it meant that your station computers needed to install Java. »