Malware alert over Java plug-in
Users of the Java plug-in could be exposed to malware due to a flaw in the software’s update tool.
Oracle, distributor of the software which allows computers to run programmes written in the Java language, agreed to issue an alert on social media and its own site.
The decision follows an investigation by the US Federal Trade Commission (FTC) which, in a complaint to the company, claims that Oracle was aware of security issues in the Java SE plug-in when it bought Sun, the creator of the software, in 2010.
According to the FTC, Oracle assured users that installing updates would ensure their PCs would be safe, even though a risk remained.
It said that users were exposed to crafted malware which could allow hackers to acquire sensitive customer information such as usernames and passwords for financial accounts.
The original update process did not delete previous versions of the software and Oracle’s initial attempts to address the issue only removed the most recent prior version of Java.
This meant that hackers could still exploit weaknesses in older versions of the software which remained installed on users' PCs.
The FTC claims that Java is installed on more than 850 million computers, and users who have yet to install the latest versions could still be at risk.
The company will not be fined as a result of agreeing to issue the warning.