How is IBM Sametime impacted by the "Oracle Java 7 Security Manager Bypass Vulnerability (CVE-2013-0422)"?
IBM has been advised by Apple that Java Version 7 Update 10 (and earlier) in the Safari browser has been disabled through the Safari browser. This was due to a security issue relating to Oracle Java.
As IBM Sametime Meetings, Classic Sametime Meetings, SmartCloud Meetings, and Sametime Links use Oracle Java for some functionality, our application may not work as expected if Java has been disabled.
Therefore, IBM recommends that clients visit Oracle's Security Alert for the latest updates on the Java issue (link below). As of today, Oracle has released Java 7 Update 11 of the Java Runtime Environment (JRE) and this version is not blacklisted by the Apple Safari Browser.
- The Oracle Security Alert containing the latest updates: "Oracle Security Alert for CVE-2013-0422"
- The IBM PSIRT document: "Oracle Java 7 Security Manager Bypass Vulnerability (CVE-2013-0422)"