Privdog has announced that is has released a fix for a security issue found in the third party library
Calling the threat level “low”, an advisory said that a “minor intermittent defect” was detected in a third party library used by the PrivDog standalone application, which potentially affects a very small number of users.
It said: “This potential issue is only present in PrivDog versions, 3.0.96.0 and 3.0.97.0. The potential issue is not present in the PrivDog plug-in that is distributed with Comodo Browsers and Comodo has not distributed this version to its users. There are potentially a maximum of 6,294 users in the USA and 57,568 users globally that this could potentially impact. The third party library used by PrivDog is not the same third party library used by Superfish.”
Previously, concerns were raised about Privdog as researcher Hanno Böck said that the flaw turns “your browser into one that just accepts every HTTPS certificate out there, whether it’s been signed by a certificate authority or not”. PrivDog is shipped with products produced by Comodo, whose certificates are used in ten other provider services.
Privdog said that the issue potentially affects a very limited number of websites as in some circumstances, self-signed certificates do not trigger a browser warning but encryption is still provided to the end user, hence security via encryption remains intact. “The potential issue is only present if a user visits a site that actually has a self-signed certificate,” it said.
“We take security very seriously and we will continue to protect our users from malicious websites and malicious advertising. We thank all the researchers who contribute to make the internet safer.”