
Oracle settles with FTC over Java security issues

Oracle has come to an agreement with the FTC concerning the security issues that have long plagued the company’s Java Standard Edition software. Java has a large user base and is installed on around 850 million computers around the world, making it a prime target for hackers and cybercriminals.

The FTC has charged Oracle with deceiving consumers into believing that the updates the company was providing were actually making Java safer and more secure. While the updates did address security concerns, they uninstalled only the most recent previous version and failed to remove older versions of the software that still lingered on users’ systems. This gave hackers the opportunity to develop malware that enabled them to access users’ personal information, including usernames and passwords for financial accounts.

According to the FTC, Oracle has been aware of the security issue regarding updates since 2011. However, the company never made users aware that older versions of Java SE still remained on their systems. The security issue persisted until August 2014, when Java began uninstalling older versions of the software and not just the previous version.

Oracle will now be required to inform consumers if there are outdated versions of Java on their systems when they perform updates to the software. Consumers will also have the option to uninstall these older versions during updates. The FTC is holding Oracle responsible for spreading the word about the settlement to Java users online and via the company’s social media accounts. If the company violates the agreement with the FTC, it will be subject to a civil penalty of up to $16,000 for each violation.

Oracle took control of Java when it acquired Sun Microsystems in 2010. The company’s primary focus is not on consumer-based products, and this might be one of the reasons behind the way in which it has handled Java’s security issues.

The FTC’s ruling in this case has set a precedent for the way software companies must continue to update their software and ensure that it remains secure throughout its lifetime.

Image Credit: Shutterstock / Mark Van Scyoc

After getting his start at ITProPortal and then working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches to how to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.