What’s worse than stale coffee? Stale Java.
If you own a computer, you’ve probably seen this message before: Java Update Available. You know that leaving outdated software on your computer can make it more vulnerable to viruses and malware, so you’ve always agreed to the updates. Unfortunately, the FTC says keeping Java updated didn’t necessarily keep it secure.
Oracle’s Java SE software has been installed on more than 850 million computers. Many websites rely on Java to enable interactive features, like browser-based calculators, online games, chatrooms, and 3D image viewing.
According to the FTC, for years, updating to a new version of Java didn’t automatically remove all the old versions. Oracle eventually changed this practice, but even then, Java updates removed only the most recent version. That left many computers with multiple outdated versions of the software.
Why does it matter? Earlier versions of Java had serious security risks that hackers could exploit to steal login information for people’s financial accounts, and to gather other sensitive information through phishing attacks. As long as these older versions remain on a computer, hackers could continue to exploit them.
Today, the FTC announced a proposed settlement that would require Oracle to notify Java users about the problem and provide tools to fix it. To remove old versions of Java from your computer, visit java.com/uninstall, or follow one of the steps below: