The FTC says Oracle 'deceived consumers' and left software on 850 million PCs vulnerable to hackers
The FTC says the software giant "deceived consumers" when issuing security updates for Java, a piece of software that just about every PC on the planet uses. The FTC estimates some 850 million PCs use Java Standard Edition (the version that the FTC says is problematic).
Oracle declined to comment.
Java is software for running web applications, things like games, chatrooms, calculators, 3D image viewing, and so on. Java is controlled by Oracle, which inherited it when it bought Sun in 2010.
The FTC says Oracle never told consumers that when they got those pesky messages to update Java security and agreed to the updates, Oracle wasn't fully updating all versions of the Java SE apps they may have installed on their machines.
It was only updating the most recent version and ignoring older versions. And these older versions were often chock-full of bugs that hackers could use to hack a person's PC.
The FTC explains:
"In its complaint, the FTC alleges that Oracle promised consumers that by installing its updates to Java SE both the updates and the consumer's system would be 'safe and secure' with the 'latest… security updates.' ...
"In 2011, according to the FTC's complaint, Oracle was aware of the insufficiency of its update process. Internal documents stated that the 'Java update mechanism is not aggressive enough or simply not working,' and that a large number of hacking incidents were targeting prior versions of Java SE's software still installed on consumers' computers."
In a blog post, the FTC really went to town saying, "What's worse than stale coffee? Stale Java."
Under the FTC's proposed settlement with Oracle, Oracle will be required to tell Java users about the problem via social media and its website, and provide tools and instructions on how to remove older versions of Java SE.
The security updates will also be required to work as advertised, with Oracle telling consumers if they have an outdated version of Java SE on their computers and giving them the option to uninstall it.
Oracle has agreed to settle the FTC charges, and the settlement is now subject to public comment for 30 days.
In the meantime, the FTC wants you to know that if you do have older versions of Java, here's the website that will help you remove them: java.com/uninstall.