Oracle has been ordered to warn users if they're running an outdated version of Java SE, under a settlement with the US Federal Trade Commission (FTC).
The agreement settles claims by the FTC that Oracle deceived users when telling them their computers would be "safe and secure" if they updated Java. While updating software usually affords protection, Oracle failed to inform users that, when multiple versions of Java SE were installed, older versions would remain on the computer. This outdated software then offered a ripe target for hackers.
Oracle acquired Java as part of its 2010 purchase of Sun Microsystems, giving it a runtime that is installed on billions of machines and around 850 million PCs. Java became a popular target for hackers due to its wide distribution and a steady stream of bugs that left machines exposed to hackers and exploit kits.
Security firms have long warned that outdated Java software leaves enterprise and consumer systems vulnerable to attack. Previous Java zero-day bugs have also prompted warnings by the US government to disable Java in the browser. State-sponsored attackers used a Java zero-day flaw to hack Apple and Facebook employees in 2013.