Tavis Ormandy of Google's Project Zero discovered a serious authentication vulnerability in Logitech's Options application, but the peripheral device maker has yet to address the flaw.
The Logitech Options app, which configures the company's mice and keyboards in Windows, relies on an ineffective authentication mechanism that enables malicious webpages to execute code on a victim's machine.
Tavis Ormandy, vulnerability researcher with Google's Project Zero, found the flaw in the Logitech Options app when he tried to rebind a button on his Logitech mouse. He published details about the critical vulnerability when Logitech took more than 90 days to address the issue. Ormandy contacted Logitech and met with Logitech engineers in September.