01 August 2017

The potential Java security risk on your computer - and what to do about it

An important message from Oracle - the vendor behind Java

We’re sending you this message because you may have downloaded, installed, or updated Java SE software on your computer. The Federal Trade Commission, the nation’s consumer protection agency, has sued us for making allegedly deceptive security claims about Java SE. To settle the lawsuit, we agreed to contact you with instructions on how to protect the personal information on your computer by deleting older versions of Java SE from your computer. Please take the suggested steps as soon as possible.

Here’s a summary of what the FTC lawsuit is about. The FTC alleged that, in the past, when you installed or updated Java SE, it didn’t replace the version already on your computer. Instead, each version installed side-by-side at the same time. Later, after we changed this, installing or updating Java SE removed only the most recent version already on your computer. What’s more, in many cases, it didn’t remove any version released before October 2008.

Why was that a problem? Earlier versions of Java SE have serious security risks we corrected in later versions. When people downloaded a new version, we said they could keep Java SE on their computer secure by updating to the latest version or by deleting older versions using the Add/Remove Program utility in their Windows system. But according to the FTC, that wasn’t sufficient. Updating to the latest version didn’t always remove older versions. So many computers had several versions installed.

That creates a serious security vulnerability. Even if you installed the most recent version of Java SE, the personal information on your computer may be at risk because earlier, less secure versions could still be executed.

To fix this problem, visit http://java.com/uninstall, where instructions on how to uninstall older versions of Java SE are provided. This webpage also provides a link to the Java SE uninstall tool, which you can use to uninstall older versions of Java SE. You may also go to 
http://java.com/uninstallhelp if you have any additional questions or concerns.

No comments:

Post a Comment