After a public comment period, the Federal Trade Commission has approved a final order resolving the Commission’s complaint against Oracle alleging that the company deceived consumers about the security provided by updates to its Java Platform Standard Edition software.
The settlement was first announced in December 2015. In its complaint, the FTC alleged that Oracle was aware of major security issues with the Java SE software and promised consumers that installing updates to Java SE would make it “safe and secure.” The complaint alleges, though, that Oracle failed to inform consumers that the update process may have left older, potentially vulnerable versions of the software intact.
Under the terms of the proposed consent order, Oracle will be required to notify consumers during the Java SE update process if they have outdated versions of the software on their computer, notify them of the risk of having the older software, and give them the option to uninstall it. In addition, the company will be required to provide broad notice to consumers via social media and their website about the settlement and how consumers can remove older versions of the software.
The Commission vote to approve the final order and letters to commenters was 4-0.