Oracle settles with the FTC over deceitful security updates

Oracle settles with the FTC over deceitful security updates

By Ashley Carman on December 21, 2015 06:51 pm Email @ashleyrcarman
http://www.theverge.com/2015/12/21/10640552/oracle-java-settle-ftc-security

More than 850 million computers have Java installed on them, and for years, users might not have known the software wasn’t fully updated or secure. Oracle is now settling with the Federal Trade Commission over that security oversight. It reached an agreement with the FTC on Monday over charges that it deceived consumers about security updates to the platform. The FTC claimed Oracle portrayed security updates as the latest and most secure. However, the company failed to mention that an update only replaced the most recent prior version of Java, as opposed to all earlier versions that might have been installed. So while users might have thought they patched any vulnerabilities in Java, in reality, they could have still had less secure versions on their computer, which were vulnerable to attacks.

ORACLE WAS ALLEGEDLY WELL AWARE OF THIS ISSUE

Oracle was well aware of this issue, the FTC argued, citing internal company documents that said the “Java update mechanism is not aggressive enough or simply not working.” Even still, the updates remained unchanged. Now, Oracle will have to notify consumers during the update process if outdated versions are still on their computer, as well as list the risks this poses. The company also has to post on social media and its website about the settlement and how consumers can get rid of old software versions.

Java was to blame for multiple major security breaches at Apple, Facebook, Twitter, and NBC in 2013, which spurred discussion around phasing the platform out. It’s not looking like the software will go the way of Flash anytime soon, though.

Leave a Reply