After playing a dead bat and attempting to push the perception that Superfish was not a security concern, Lenovo has admitted that it was caught napping on the security implications of preloading a piece of adware that installed its own self-signing man-in-the-middle proxy service that hijacked SSL/TLS connections.
"We did not know about this potential security vulnerability until yesterday," Lenovo said in a statement released Saturday, Sydney time. "We recognise that this was our miss, and we will do better in the future. Now we are focused on fixing it."
To that end, Lenovo has joined Microsoft in offering a removal tool
to fix the Superfish issue.
The Chinese hardware manufacturer said it is working with McAfee and Microsoft to have Superfish quarantined or removed by their tools.