When the issue of Lenovo's pre-installed SSL-breaking Superfish adware first gained widespread media recognition, the company's CTO Peter Hortensius tried to do some damage control and stated that the adware posed no security risk for users.
As Lenovo backtracked on its initial position that the Superfish adware pre-installed on some of its notebooks is not a security danger, and released a security advisory about the "vulnerability" that allows it to install a self-signed root certificate in the local trusted CA store, Superfish CEO Adi Pinhas did the same.
After the recent revelation that Lenovo has been shipping some of it laptops with pre-installed adware that's also breaking the security of secure connections by using self-signed MITM SSL certificates, the company has attempted to minimize the fallout by reiterating the initial explanation about why they did it: to help their customers.
If you have recently bought a new Lenovo computer, you're in for a nasty surprise: the company has been shipping them with pre-installed adware.
The OpenSSL Project has released updates for the popular eponymous open-source library that implements the SSL and TLS protocols.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.