Oracle Reaches Deal With FTC Over Customer Hacking


The Federal Trade Commission announced Monday (Dec. 21) that software vendor Oracle has agreed to settle charges accusing the company of lying to its customers about the security of its Java software updates.

According to the FTC’s complaint, Oracle’s Java Platform, Standard Edition software (Java SE), which is installed on more than 850 million personal computers, was impacted by significant security issues that the company was aware of and did not convey to users.

“When a company’s software is on hundreds of millions of computers, it is vital that its statements are true and its security updates actually provide security for the software,” Jessica Rich, director of the FTC’s Bureau of Consumer Protection, said in a statement. “The FTC’s settlement requires Oracle to give Java users the tools and information they need to protect their computers.”

Under the terms laid out by the FTC, Oracle is required to provide users with the ability to uninstall the older versions of Java SE, which are considered to be insecure. The security vulnerabilities found in the older versions of the software reportedly allow hackers to deploy malware to access users’ financial account information and other sensitive personal information.

The proposed consent order also prohibits Oracle from making any further deceptive statements to consumers concerning the privacy or security of its software, as well as the ability to uninstall older software versions, the FTC said.