Oracle has agreed to settle Federal Trade Commission charges that it had deceived customers. Oracle told customers that by installing an update to JavaSE it would make their machines "safe and secure," despite the fact that the update often left vulnerable versions of JavaSE on the users' machines.
The update only replaced the most recent version of JavaSE residing on the machine -- it stopped short of uninstalling any other versions also residing on the computer, and did not uninstall any versions earlier than JavaSe 6 update 10 at all. According to the FTC, Oracle knew of this shortcoming in 2011 and did not fix it until August of 2014.
Oracle will be required to notify consumers during the Java SE update process if they have outdated versions of the software on their computer, notify them of the risk of having the older software, and give them the option to uninstall it. In addition, the company will be required to provide broad notice to consumers via social media and their website about the settlement and how consumers can remove older versions of the software.
The consent order will require Oracle to notify consumers on Facebook and Twitter, and also contact Avast Software, AVG Technologies, ESET North America, Avira Inc., McAfee, Symantec, Trend Micro, and Mozilla, to ensure they publish the information in their security bulletins as well.