
The FTC says Oracle 'deceived consumers' and left software on 850 million PCs vulnerable to hackers

Dec 22, 2015, 00:24 IST

Oracle's Executive Chairman of the Board and Chief Technology Officer Larry Ellison works behind a computer during his keynote address at Oracle OpenWorld in San Francisco, California September 30, 2014. REUTERS/Robert Galbraith

The FTC just issued a press release that took Oracle to task for what it says is the company's role in leaving up to 850 million PCs susceptible to hacker attacks.


The FTC says the software giant "deceived consumers" when issuing security updates to a piece of software just about every PC on the planet uses, called Java. The FTC estimates some 850 million PCs use Java Standard Edition (the version that the FTC says is problematic).

Oracle declined comment.

Java is software for running web applications, things like games, chatrooms, calculators, 3D image viewing, and so on. Java is controlled by Oracle, inherited when Oracle bought Sun in 2010.

The FTC says Oracle never told consumers that when they got those pesky messages to update Java security and agreed to the updates, Oracle wasn't fully updating all versions of the Java SE apps they may have installed on their machines.


It was only updating the most recent version and ignoring older versions. And these older versions were often chock full of bugs that hackers could use to hack a person's PC.

The FTC explains:

"In its complaint, the FTC alleges that Oracle promised consumers that by installing its updates to Java SE both the updates and the consumer's system would be 'safe and secure' with the 'latest… security updates.' ...

"In 2011, according to the FTC's complaint, Oracle was aware of the insufficiency of its update process. Internal documents stated that the 'Java update mechanism is not aggressive enough or simply not working,' and that a large number of hacking incidents were targeting prior versions of Java SE's software still installed on consumers' computers."

In a blog post, the FTC really went to town saying, "What's worse than stale coffee? Stale Java."


Under the FTC's proposed settlement with Oracle, Oracle will be required to tell Java users about the problem via social media and its website, and provide tools and instructions on how to remove older versions of Java SE.

The security updates will also be required to work as advertised, with Oracle telling consumers if they have an outdated version of Java SE on their computers and giving them the option to uninstall it.

Oracle has agreed to settle the FTC charges, and the settlement is now subject to public comment for 30 days.

In the meantime, the FTC wants you to know that if you do have older versions of Java, here's the website that will help you remove them: java.com/uninstall.
