FTC OKs Final Order Against Oracle Over Consumer Deception of Java SE Updates
The FTC approved a final order Tuesday, resolving a complaint against Oracle that it deceived customers about security updates to the Java platform, standard edition (Java SE) software (see 1512210028), the commission said in a news release. The commission approved…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
the order 4-0 after a public comment period. FTC announced the settlement in December when the commission said Oracle was aware of "significant security issues" with older Java SE versions -- installed in more than 850 million personal computers -- that support browser-based features such as calculators, online gaming, chat rooms and 3D images. FTC's complaint said Oracle didn't tell customers that software updates may have left older versions intact. The complaint said hackers could exploit the flaws in the older versions, potentially giving them access to consumers' usernames and passwords to financial accounts and enabling them to launch phishing attacks. The order requires Oracle to notify customers of any older versions on their computers during an update process, inform them of the risks and give them the choice to uninstall them. "In addition, the company will be required to provide broad notice to consumers via social media and their website about the settlement and how consumers can remove older versions of the software," the FTC release said.