Chitika banner

Thursday, January 11, 2007

Acer releases LunchApp ActiveX vulnerability patch

Well 2007 got off to a bit of a bumpy start, didn’t it?

First the Ferrari storm and now a security flaw. I can understand how the Ferrari thing didn’t go down too well but the response to this security flaw was astounding. I mean, check out this post. Talk about tough love…

Acer has just released a Press Release about the issue and, more importantly, a patch.

After a bit of research, it turns out that this application is part of the bundled software suite that comes with every Acer computer. Ironically, it seems it was originally designed as a technology facilitator. Ahh the best-laid plans…

I’m copying a description of the application I found on the discussion forums over at Broadband Reports.com

lmanager.exe is a process associated with Acer Launch Manager from Dritek System Inc.."LaunchBoard software from Darwin turns your keyboard into a remote control for the Internet and your computer! With LaunchBoard 2.0, you can customize up to 38 keys on your PC keyboard to instantly launch Web Sites, start applications, perform custom macros, handle Windows shortcuts, store passwords, and perform loads of other customizable functions" U LaunchApp Alaunch.exe Acer Launch tool utility on laptops U LaunchAp LaunchAp.exe Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610 Author: Dritek System Inc.Part Of: Acer Launch ManagerLManager.exe file informationThe process Acer Launch Manager Keyboard Application belongs to the software Acer Launch Manager by Dritek System Inc (www.dritek.com.tw).

So what have we got? A simple bundled program designed to give users even greater control over their hardware that in time (9 years is a long time in my book), became something vulnerable to malicious attacks.

Doesn’t the same description tell the story of a LOT of software programs out there? That’s why most of us install upgrades and security patches and some even switch from Internet Explorer to Firefox, isn’t it?

So, back to the problem. Judging by the contents of the press release, Acer introduced this patch into its OEM manufacturing process on 4th December. What that means is that all computers built by Acer’s suppliers after that date will not be affected by the flaw.

Then, following standard procedures, it was passed on to the global service team and finally to the public.

My advice? Download it and feel better about your PC.

Posted by Michael Walsh at 6:02 pm

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)