Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 11 MINUTES AGO.
You are here: Home / Customer Data / Oracle, FTC Settle over Java Updates
Oracle Settles with FTC over 'Deceptive' Java Updates
Oracle Settles with FTC over 'Deceptive' Java Updates
By Shirley Siluk / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
DECEMBER
22
2015
After investigating complaints about Oracle's handling of automatic updates to its Java Platform Standard Edition software (Java SE), the U.S. Federal Trade Commission (FTC) has ordered the company to provide "broad notice" to customers about how to uninstall older, less secure versions that might still exist on their devices.

The FTC found that Oracle, which acquired Java with its $7.4 billion purchase of Sun Microsystems in 2010, deceived customers by assuring them their systems would be "safe and secure" when it knew that updates could leave vulnerable versions of the software on their computers. The software has been installed on more than 850 million PCs.

The complaint stemmed from that fact that until August 2014 automatic updates of Java SE removed only the most recent previous versions of the software from customers' computers. That potentially left many people with older versions still living somewhere on their systems, leaving them at risk of being hacked.

'Stale Java'

"Earlier versions of Java had serious security risks that hackers could exploit to steal login information for people's financial accounts, and to gather other sensitive information through phishing attacks," FTC consumer education specialist Nicole Fleming said yesterday in the blog post, "What's worse than stale coffee? Stale Java." As long as these older versions stay on a computer, hackers could continue to exploit them, she said.

Java SE provides support for a number of desktop and server applications, including online chat, online game-playing, browser-based calculators and 3D image viewing. It was originally developed by Sun Microsystems.

After Oracle's acquisition of Sun, the FTC found that Oracle knew of "the insufficiency of its update process" and the fact that "a large number of hacking incidents" were targeting users with outdated versions of Java SE on their systems. In a statement announcing its settlement with Oracle, the agency noted that internal documents showed the company was aware that the "Java update mechanism is not aggressive enough or simply not working."

Despite that knowledge, Oracle continued to assure customers installing newer versions of Java SE that their systems would be "safe and secure." The FTC also found that while Oracle did provide information online about the importance of removing older versions of Java SE, it did not make it clear that its updating process would not automatically remove those.

Other Past Vulnerabilities

Systems running Java have been exposed to a variety of hacking and malware threats over the years. For example, a zero-day vulnerability in 2013 enabled suspected state-sponsored hackers to access employee systems at Apple and Facebook.

Earlier this year, adware -- an Ask Search toolbar -- was also discovered installing on the systems of Mac users when they installed Java. Windows users had long complained about the inclusion of such adware in the Java installer.

Under the FTC's new proposed consent order, Oracle will be required to notify customers about the Java SE update process and the risks of older software, as well as provide information on how to uninstall older versions. Oracle will also be required to provide notices via its Web site and social media, and the company is prohibited from making deceptive statements about its software security or privacy.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN CUSTOMER DATA

NETWORK SECURITY SPOTLIGHT
China-based Vivo will be the first company to come out with a smartphone featuring an in-display sensor for fingerprint security, beating Apple, Samsung, and other device makers to the punch.

CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.