The Federal Trade Commission ("FTC") has affirmed a final order resolving the Commission’s complaint against Oracle alleging that the company deceived consumers as to the security provided by updates to its Java Platform Standard Edition software (Java SE).
The FTC’s complaint specifically alleged that, as Oracle rolled out updates to users, the software merely updated the most recent version present on the user's device; the updates failed to remove older versions of the program or to update all versions on the device, and consequently left older versions potentially vulnerable to hackers. According to the complaint, despite knowing of these issues, Oracle failed to inform consumers that they needed to manually remove older versions of Java SE.
In accordance with the terms of the consent order, Oracle will be required to notify affected customers that they may have outdated, insecure versions of Java SE on their computers, and to provide instructions on how to uninstall them. Additionally, the company will be required to provide a widely available notice of the above to consumers through social media and its website.