Skip to main content

Java Security Vulnerabilities and JobScheduler

Submitted by sos-admin on Mon, 01/21/2013 - 14:07
News Date and Time
Jan 21 2013 14:07

Users have indicated that they feel uncertain about using Java and therefore JobScheduler because of possible security risks.

The security risks posed by vulnerabilities in Java only apply to the Java browser plugin. JobScheduler, its user interfaces JOE and JID and our JITL only use Java via the Java Virtual Machine (JVM) interface. This is a separate part of the Java installation packages to the browser plugin.

Installation of Java, whether the Java Software (aka. Java Runtime Environment) or the Java Platform developer toolkit packages is a precondition for the installation of JobScheduler. As both of these packages make installation the browser plugin unavoidable, we recommend that the Java browser plugin is deactivated in all browsers installed on machines that have access to the Internet. This will ensure that an infection cannot occur.
Instructions for deactivating the Java browser plugin can be found on security specialist Sophos' "How to turn off Java on your browser" article. It is not necessary to completely remove Java as described in some articles in the media such as the article in the International Business Times.

For further information, including a description of how the infections occur, see the relevant Oracle Security Alert for CVE 2013.