Security

Oracle Ordered to Publicly Admit Misleading Java Security Updates

Security issues have long tantalized over 850 Million users that have Oracle’s Java software installed on their computers. The worst thing is that the software was not fully updated or secure for years, exposing millions of PCs to attack.
And for this reason, Oracle is now paying the price.Oracle has been accused by the US government of misleading consumers about the security of its Java software.

Oracle is settling with the Federal Trade Commission (FTC) over charges that it “deceived” its customers by failing to warn them about the security upgrades.
Java is a software that comes pre-installed on many computers and helps them run web applications, including online calculators, chatrooms, games, and even 3D image viewing.

Oracle Left Over 850 Million PCs at Risk

The FTC has issued a press release that says it has won concessions in a settlement with Oracle over its failure to uninstall older and insecure Java SE software from customer PCs upon the upgrade process, which left up to 850 Million PCs susceptible to hacking attacks.
However, the company was only upgrading the most recent version of the software and ignoring the older versions that were often chock full of security loopholes that could be exploited by hackers in order to hack a targeted PC.

Oracle is Now Paying the Price

So, under the terms of the settlement with Oracle, announced by the FTC on Monday, Oracle is required to:
  • Notify Java customers about the issue via Twitter, Facebook, and its official website
  • Provide tools and instructions on how to remove older versions of Java software
Oracle has agreed to the settlement that is now subject to public comment for 30 days, although Oracle declined to comment on its part.
Meanwhile, the FTC wants Java users to know that if they have older versions of the software. Here is the website that will help you remove them: java.com/uninstall.
Source: http://thehackernews.com/
Share Your Thoughts
Tags

Pascal Eugene

Founder of 'Geek The Net'. Cyber Security Analyst, Information Security Researcher, Developer and Part-Time Hacker.

Related Articles

Close