850M PCs with Deceptive Java Security

850M PCs with Deceptive Java Security

Oracle has reached a settlement with the FTC over charges that it had been deceptively promoting security updates for its Java SE platform.

Oracle Agrees to Settle FTC Charges It Deceived Consumers About Java Software Updates
Company Will Be Required to Notify Consumers of Risk, Provide Tools to Uninstall Insecure Older Versions (12/21/2015)

Oracle has agreed to settle Federal Trade Commission charges that it deceived consumers about the security provided by updates to its Java Platform, Standard Edition software (Java SE), which is installed on more than 850 million personal computers. Under the terms of a proposed consent order, Oracle will be required to give consumers the ability to easily uninstall insecure, older versions of Java SE.
https://www.ftc.gov/news-events/press-releases/2015/12/oracle-agrees-settle-ftc-charges-it-deceived-consumers-about-java


Why does it matter?
Earlier versions of Java had serious security risks that hackers could exploit to steal login information for people’s financial accounts, and to gather other sensitive information through phishing attacks. As long as these older versions remain on a computer, hackers could continue to exploit them.

Today, the FTC announced a proposed settlement that would require Oracle to notify Java users about the problem and provide tools to fix it. To remove old versions of Java from your computer, visit java.com/uninstall, or follow one of the steps below:

*Update to Java 8 through the official Java website
*Use the uninstall tool on Java’s website
*Visit Oracle’s Help Resources for more options and information.

http://www.consumer.ftc.gov/blog/whats-worse-stale-coffee-stale-java

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles