A flaw in the OpenSSL and Apple Secure Transport implementations of the SSL and TLS protocols is putting millions of Android and Apple device users, as well as visitors of secured sites, in danger of having their encrypted connections decrypted and the information exchanged with the servers behind them intercepted.
When the issue of Lenovo's pre-installed SSL-breaking Superfish adware first gained widespread media recognition, the company's CTO Peter Hortensius tried to do some damage control and stated that the adware posed no security risk for users.
As Lenovo backtracked on its initial position that the Superfish adware pre-installed on some of its notebooks is not a security danger, and released a security advisory about the "vulnerability" that allows it to install a self-signed root certificate in the local trusted CA store, Superfish CEO Adi Pinhas did the same.
After the recent revelation that Lenovo has been shipping some of its laptops with pre-installed adware that's also breaking the security of secure connections by using self-signed MITM SSL certificates, the company has attempted to minimize the fallout by reiterating the initial explanation about why they did it: to help their customers.
If you have recently bought a new Lenovo computer, you're in for a nasty surprise: the company has been shipping them with pre-installed adware.