Skip to main content

Oracle must warn Java users of potential threats

Oracle is about to issue a warning that Java users could be exposed to malware, the media have reported on Tuesday.

The exposure is the result of a flaw that existed in Java’s software update tool. After an investigation conducted by the US Federal Trade Commission, Oracle (Java’s distributor) has agreed to issue a warning over its social media channels and on its website, otherwise it would have been fined.

According to a BBC report (opens in new tab), Oracle has admitted no wrongdoing. All of this seems like a bunch of (un)necessary formalities.

According to the FTC's complaint, Oracle was aware of security issues in the Java SE (standard edition) plug-in when it bought the technology's creator Sun in 2010.

"The security issues allowed hackers to craft malware that could allow access to consumers' usernames and passwords for financial accounts, and allow hackers to acquire other sensitive information," the FTC said.

The point is – Oracle promised its users that updating Java would ensure their PCs would remain “safe and secure”, but never mentioned that any risk remained – even though it did remain.

This was because Sun's original update process did not delete earlier versions of its software, which hackers could exploit to carry out their attacks. The problem was resolved in August 2014.

Oracle could not plead ignorance because the FTC had obtained internal documents dated from 2011 that stated "[the] Java update mechanism is not aggressive enough or simply not working".

The plug-in is installed on many PCs to let them to run small programs written in the Java programming language.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.