Security experts warn that Superfish adware leaves users vulnerable to man-in-the-middle (MitM) attacks via a self-signed root certificate, which could allow a saboteur to intercept users’ encrypted SSL connections.
Reports of the adware-laden Lenovo laptops went viral last week, around the time Jessica Bennett, of San Diego, filed a lawsuit against the companies in a federal court. On Monday, Ars Technica published the court documents (PDF) filed Thursday by Bennett, who seeks class-action status for the suit.
Bennett accused the firms of violating the California Invasion of Privacy Act, federal wiretap law and a state law governing unfair business competition.
The Electronic Frontier Foundation (EFF) has published steps to uninstall Superfish. Lenovo stopped preloading the adware in January.