• Oracle settles with the FTC over new Java security updates not removing older versions after install
[url]http://www.theverge.com/2015/12/21/10640552/oracle-java-settle-ftc-security[/url] [quote=The Verge]More than 850 million computers have Java installed on them, and for years, users might not have known the software wasn't fully updated or secure. Oracle is now settling with the Federal Trade Commission over that security oversight. It reached an agreement with the FTC on Monday over charges that it deceived consumers about security updates to the platform. The FTC claimed Oracle portrayed security updates as the latest and most secure. However, the company failed to mention that an update only replaced the most recent prior version of Java, as opposed to all earlier versions that might have been installed. So while users might have thought they patched any vulnerabilities in Java, in reality, they could have still had less secure versions on their computer, which were vulnerable to attacks. Oracle was well aware of this issue, the FTC argued, citing internal company documents that said the "Java update mechanism is not aggressive enough or simply not working." Even still, the updates remained unchanged. Now, Oracle will have to notify consumers during the update process if outdated versions are still on their computer, as well as list the risks this poses.[/quote]