Oracle has reached a settlement with the Federal Trade Commission (FTC) related to concerns about the security of Java. Oracle had told Java users that their computers would be “safe and secure” if they updated to the latest version of Java. However, the update process did not remove older versions of Java from users’ systems, leaving them vulnerable to attacks.
Under the settlement, Oracle must “notify consumers during the Java SE update process if they have outdated versions of the software on their computer, notify them of the risk of having the older software, and give them the option to uninstall it.” In addition the company must post the terms of the settlement on its website and social media accounts. The FTC has also posted a blog on the subject with the headline “What’s worse than stale coffee? Stale Java.”