As we previously reported, in December 2015, the FTC settled claims against Oracle that the company deceived consumers about security updates on Oracle’s Java Platform, Standard Edition software (Java SE). The FTC’s complaint specifically alleged that, as Oracle rolled out updates to users, the software updated only the most recent version present on the user’s device. The update neither removed older versions of the program nor updated all versions on the device, and thus left older versions potentially vulnerable to hackers. Despite knowing of these problems, Oracle allegedly did not tell consumers that they needed to manually uninstall older versions of Java SE.
On March 29, after a public comment period, the FTC approved a final order resolving the Commission’s complaint. The order requires Oracle to notify affected customers that they may have older, insecure versions of Java SE on their computers, and to provide instructions on how to remove these older iterations. The Commission vote to approve the final order and letters to commenters was 4-0.