The following was excerpted from http://www.mercurynews.com/business/ci_29295433/feds-require-consumer-warnings-about-older-java-software
The FTC says Oracle deceived consumers for several years by promising that updating their Java software would keep them safe from malware and hacking attacks. Until last year, the FTC says, the update tool provided by Oracle did not remove some older versions of Java, which meant PCs were still vulnerable...
Oracle was aware since 2010 [when Oracle acquired Sun Microsystems] that older versions of Java had security flaws that left their users vulnerable to malicious attacks, according to the FTC...
Without admitting any wrongdoing, Oracle settled an FTC complaint by promising that current and future Java updates will automatically search for all older versions of the software. If an older version is found, the update tool will notify PC users of the security risk and provide a way for removing it. Oracle also promised to publicize the danger of leaving older versions of Java on PCs, by posting notices on social media and sending bulletins to leading distributors of security software.
-----------------------------------
Related article: Java plug-in malware alert to be issued by Oracle http://www.bbc.com/news/technology-35159851