Oracle’s Java software is known for creating its share of headaches, but security is arguably the biggest. For one thing, upgrading to the latest version of Java Standard Edition didn’t always remove every old version — up until last year, it’d leave ancient copies that exposed your PC to attack. And now, Oracle is paying the price. It’s settling FTC charges that it “deceived” customers by failing to warn about the security risks behind its Java SE upgrade process. Larry Ellison and crew will have to both warn users about those risks and create tools to remove those older, more vulnerable copies.
Given that the issue was effectively tackled earlier, the FTC deal is something of a formality. Nonetheless, it could do a lot to keep both Oracle and other software developers on their toes. Ideally, they’ll think twice about sloppy uninstalls that leave insecure code behind — the FTC may not be so gentle the next time around.
[Image credit: Shutterstock]
Via: Business Insider