Oracle is widely known for being behind the popular programming language called Java. Java is used for variety of purposes by the developer from making apps, games to even other robust programs. Oracle has issued an advisory where it has warned millions of Java users could get exposed to a malware threat which results due to the flaw in the software update tool. This particular plug-in is installed on a large number of PCS’s which allows them to run small programs written in the Java language.
Oracle has issued an alert for this malware threat on the social media as well as on its official website. US’s Federal Trade Commission is currently investigating the Oracle for any wrongdoing which isn’t a good time for the malware to emerge.
The threat of the Malware target
The reason for launching an investigation on Oracle can be summarized from the FTC’s complaint which states that Oracle was aware of number of security issues in the Java SE (standard edition) plug-in when it bought Java technology from its creator Sun in 2010. FTC has highlighted the flaws in the security system of the Java will can easily allow hackers to craft malware providing access to consumer’s usernames and passwords for the financial accounts. Apart from this malware can even be designed to feed of other vital and sensitive information which results in the attack on the user’s privacy. FTC has alleged that Oracle has been fooling its customers by asking them to install its updates which would ensure that their PC’s remain safe and secure. But Oracle had the firm knowledge that the Java has existing security issues.
Reasons for security issues in Java
The presence of security issues in the Java language is mainly attributed to Sun as it didn’t deleted the original update process in the earlier versions of the software before passing it on to Oracle. FTC states that it offers a great way for the hackers to exploit and launch their attacks on the PCs running Java.
Oracle has tried to address this issue but its update tools were only able remove the issues in latest version of Java but it left the earlier editions behind. Oracle only managed to rectify the problem in August 2014. In the current investigation being carried out by the FTC Oracle is not liable to plead ignorance as internal documents dating 2011 has stated that Java update mechanism is not aggressive enough or simply not working.
Trouble days for Java
Java is currently used to power a wide number of web browser base games, hat tools, and calculator and performs some other essential functions. Java also happens to be one of the top three applications which are targeted by the criminals. Most of the people don’t even know that it comes pre-installed on a large number of machines. FTC is recommending the business to stop using the java application or to remove them from their systems in order to remain safe secure from cyber threats. FTC is basically corned about the update procedures which are followed by the Oracle and it will not simply settle the problem by imposing a financial penalty.