20151027oraclelogoonyacht100625235orig
Security

Oracle settles FTC dispute over Java updates

Oracle promises to give customers tools that easily uninstall insecure older versions of Java SE that may still lurk as vulnerabilities within Web browsers.

That promise comes in a consent decree with the Federal Trade Commission that is currently up for public review before taking effect in January.

+More on Network World: After Juniper security mess, Cisco searches own gear for backdoors+

The agreement would settle a complaint by the FTC that Oracle knew the old versions of its software were insecure yet told consumers that its security updates would include the latest security updates that would make customers’ systems safe and secure. It didn’t mention that older versions of Java SE would remain on the systems and would continue to pose a security weakness, the FTC alleges.

The FTC claims it has internal Oracle documents from 2011 that indicate the company knew about the shortcomings of its Java updates, describing them as “not aggressive enough or simply not working.” Failure to disclose details about what the updates didn’t include was deceptive, the FTC alleged.

For its part, Oracle, “neither admits nor denies any of the allegations.”

But it agrees to make the tools for removing the older versions prior to Java SE version 6 update 10.

According to the FTC, “Under the terms of the proposed consent order, Oracle will be required to notify consumers during the Java SE update process if they have outdated versions of the software on their computer, notify them of the risk of having the older software, and give them the option to uninstall it. In addition, the company will be required to provide broad notice to consumers via social media and their website about the settlement and how consumers can remove older versions of the software.”

IDG Insider

PREVIOUS ARTICLE

« Get faster

NEXT ARTICLE

How to pay less for TV and get much more »
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail

Recommended for You

How to (really) evaluate a developer's skillset

Adrian Bridgwater’s deconstruction & analysis of enterprise software

Unicorns are running free in the UK but Brexit poses a tough challenge

Trevor Clawson on the outlook for UK Tech startups

Cloudistics aims to trump Nutanix with 'superconvergence' play

Martin Veitch's inside track on today’s tech trends

Poll

Is your organization fully GDPR compliant?