The Federal Trade Commission (FTC) has announced that it has settled its investigation of Oracle over the company's Java SE software, which has reportedly been installed on over 850 million computers.
According to the FTC’s press release: “Oracle has agreed to settle Federal Trade Commission charges that it deceived consumers about the security provided by updates to its Java Platform, Standard Edition software (Java SE), which is installed on more than 850 million personal computers. Under the terms of a proposed consent order, Oracle will be required to give consumers the ability to easily uninstall insecure, older versions of Java SE.”
The Consent Order entered into between the FTC and Oracle states that Oracle must not “misrepresent: (1) the privacy or security of the Covered Software on a consumer’s computer, including but not limited to the effect on privacy or security of any installation or update of the Covered Software; or (2) how to uninstall older Iterations of” Java SE. Further, the Consent Order requires Oracle to provide clear and conspicuous instructions to consumers about how they can uninstall old versions of the software.
The FTC alleged in its complaint against Oracle that: “since acquiring Java in 2010, Oracle was aware of significant security issues affecting older versions of Java SE. The security issues allowed hackers to craft malware that could allow access to consumers’ usernames and passwords for financial accounts, and allow hackers to acquire other sensitive personal information through phishing attacks.”
The FTC alleged that the “failure to disclose the limitations of the updates in light of the statements made about the security benefits of the updates was deceptive and in violation of Section 5 of the FTC Act.”