QuoteOracle has agreed to settle Federal Trade Commission charges that it had deceived customers. Oracle told customers that by installing an update to JavaSE it would make their machines "safe and secure," despite the fact that the update often left vulnerable versions of JavaSE on the users' machines.
The update only replaced the most recent version of JavaSE residing on the machine -- it stopped short of uninstalling any other versions also residing on the computer, and did not uninstall any versions earlier than JavaSe 6 update 10 at all. According to the FTC, Oracle knew of this shortcoming in 2011 and did not fix it until August of 2014.
More at the source: Oracle Settles FTC Charges That It Deceived Users About Java Security Updates (http://www.darkreading.com/vulnerabilities---threats/oracle-settles-ftc-charges-that-it-deceived-users-about-java-security-updates/d/d-id/1323643)
If you don't need Java, uninstall it!