Logitech has released a security patch for one of its apps after it previously ignored a bug report from the Google Project Zero security team for three months.
The vulnerability was found in versions of Options, a Logitech app that lets users customize buttons and the behavior of their mice, keyboards, and touchpads.
Back in September, Google security researcher Tavis Ormandy discovered that the app was opening a WebSocket server on users’ computers.
The problem was that this server featured support for a bunch of intrusive commands, used a registry key to auto-start on each system boot, and came with a lackadaisical authentication system.