Recent news has pointed out that Lenovo, the laptop manufacturer, was preloading in their laptops a controversial application called Superfish used to serve ads to their users. As the security industry scrutinized and criticized Lenovo for making use of such practices, security experts also have analyzed the internal software components of the Superfish app very closely to find out how it works.
In their analysis of the app they found a common technical component – also known as engine – called Komodia. This component is used by many legitimate security companies to provide web monitoring and content filtering services to their clients. During the analysis however, security experts found a vulnerability in this engine that make users of applications powered with the Komodia engine to be potentially more vulnerable to phishing attacks.
Although Qustodio has nothing to do whatsoever either with Lenovo or the controversial Superfish product, Qustodio is one of the many legitimate companies that use the Komodia engine for non-malicious means in their Windows products. This component allows Qustodio to provide parents monitoring and supervision capabilities on Windows devices, a key feature of the Qustodio Parental Control product.
Unfortunately, the same Komodia vulnerability affecting Lenovo users is also affecting Qustodio for Windows users and therefore requires a fix in order to avoid potential phishing attacks from external malicious users.
The Qustodio engineering team is currently working hard on that fix to protect our Windows users from such vulnerability. This fix is expected to be available in the next few days and will be rolled out to all our Windows users automatically, not requiring any manual intervention from customers. As soon as the fix is available we will let all of our Windows users know.