Lenovo has admitted that it’s been shipping laptops and convertible laptop/tablet devices with a security vulnerability.
Between September and December last year, Windows-based laptops from Lenovo were loaded with software called Superfish, which allowed advertising to be added to the web pages being viewed. In doing so, however, it ‘broke’ secure web pages, which meant that any fraudulent secure sites wouldn’t be detected.
A number of the company’s E, Flex, G, M, S, U, Y, Yoga and Z series laptops were affected.
Lenovo has discontinued its connection with Superfish, will no longer install the software, and has told customers how to remove it.
It also said “this issue in no way impacts our ThinkPads; any tablets, desktops or smartphones; or any enterprise server or storage device”.
[Lenovo statement; Superfish removal tool; US-CERT statement]