The U.S. Federal Trade Commission (FTC) announced that Oracle has agreed to settle a case over deception charges related to Java Standard Edition software updates.
Oracle acquired Java in 2010, and the software giant is said to have known about some flaws with Java SE. Oracle issued an update to fix some problems in Java SE and also promised customers that, after installing the latest update, their computer systems would be safe and secure. However, the update failed to fix older versions of Java SE, and the deception exposed more than 850 million computers worldwide to hackers.
According to an FTC complaint, Oracle was aware of the insufficiency of the software update but did not take steps to resolve the issue.
"Internal documents stated that the 'Java update mechanism is not aggressive enough or simply not working,' and that a large number of hacking incidents were targeting prior versions of Java SE's software still installed on consumers' computers," per FTC.
Jessica Rich, director of the FTC's Bureau of Consumer Protection, said in a statement that a company like Oracle should ensure that its statements are correct regarding security updates.
The FTC also notes that Oracle did put notices on its official website regarding the need to remove older Java SE versions due to the security risk. However, the information did not confirm that the software update issued by Oracle does not fix any problems.
"Keeping old versions of Java on your system may present a security risk," per Java.
The FTC alleges that this failure to disclose the limitations of the software update was deceptive and also violated Section 5 of the FTC Act.
As part of the latest settlement with the FTC, Oracle will have to inform Java users about the security risks that the older Java SE version poses and offer customers tools to protect their computer systems.
Oracle is also required to issue a broad notice to all consumers through social media and the company's website regarding the settlement and how customers should remove the older Java SE version from their computers.
The latest settlement also requires the FTC to prohibit Oracle from making any deceptive statements regarding the security or privacy of the company's software.
Java SE is required by many computers because it supports a wide array of features that consumers use while browsing the Internet, including online gaming, browser-based calculators, viewing of 3D images, chatrooms and more.
IT security experts claim that Java SE is very vulnerable to cyberattacks. Security flaws in Java SE can enable hackers to steal personal data from computers including login credentials.
However, dependence on Java SE has declined considerably in the last few years, and many websites can display content without Java SE.
The federal agency will publish an explanation of the agreement in the Federal Register soon. The settlement is subject to 30 days of public comment, beginning Dec. 21, 2015, after which the FTC will decide whether the proposed consent order should be finalized.
PC owners can visit Java's website to check whether their computer systems have older Java SE versions and to learn how to remove them.