Updated The US government's Computer Emergency Readiness Team (US-CERT) today said the Superfish ad-injecting malware installed by Lenovo on its new laptops is a "critical" threat to security.
Chinese PC peddler Lenovo
bundled the software nasty to make a fast buck from its cheap, low-margin hardware: the application hijacks web browsers to inject ads into pages, even HTTPS encrypted websites, using an egregious root CA certificate.
"Lenovo consumer personal computers employing the pre-installed Superfish Visual Discovery software contain a critical vulnerability through a compromised root CA certificate," US-CERT
said on Friday, urging people to remove the adware.