Number: IRCNE2015022432
Date: 2015/02/23
According to “zdnet”, Lenovo has promised not to include Superfish with products in the future.According to security researchers, the problem is worse than we thought.
Last week, reports surfaced which claimed that Lenovo Notebooks have been issued to consumers containing a preloaded security flaw. Originally, the Chinese tech giant said the Superfish adware was not a security concern -- however, eventually the company realized and admitted that the software was able to install its own self-signing man-in-the-middle (MITM) proxy service which has the potential to hijack SSL and TLS connections -- a severe, nasty security vulnerability.
On Saturday, Lenovo issued a statement saying the company "did not know about this potential security vulnerability," and admitted it was the company's mistake in allowing the adware to slip the net.
"We recognise that this was our miss, and we will do better in the future. Now we are focused on fixing it," Lenovo said.
Lenovo has now released a removal tool to eradicate the adware from the firm's products, and security companies including McAfee are working to add the software to malware scanners.
According to a Lenovo security advisory, Superfish came preloaded on notebook products shipped between September 2014 and February 2015. The firm has reached out to Superfish to "disable all server activity associated with their product," and promises not to preload this software on products in the future.
- 2