Yesterday, the FTC announced that Oracle has agreed to settle the Commission’s charges that it deceived consumers about the security provided by updates to its Java Platform, Standard Edition software (“Java SE”). According to the FTC’s complaint, Oracle allegedly failed to adequately disclose that updating Java SE would not remove certain older iterations of the software on a user’s computer, potentially leaving the computer vulnerable to security risks. The FTC alleged that this was deceptive based on representations during the Java SE update process that the consumers’ systems would be “safe and secure” and would have “the latest . . . security improvements.” Under the terms of the twenty-year consent order, Oracle must, among other things, (1) not misrepresent “the privacy or security” of Java SE on a consumer’s computer or how to uninstall older versions of Java SE; (2) clearly and conspicuously disclose certain prior versions of Java SE installed on the computer during any future installation or update of Java SE, explain the security risks of the prior versions, and provide instructions to uninstall the prior versions; and (3) provide clear and conspicuous notice on Java SE’s consumer-facing website, social media pages, and security software companies’ security bulletins that consumers may have older, insecure versions of Java SE on their computers, with instructions and an uninstall tool to remove the prior versions.