Here is Yarbo's promise to fix the robot mower that ran me over
Briefly

"On May 7, 2026, security researcher Andreas Makris published a detailed report identifying serious vulnerabilities in Yarbo's remote diagnostic, credential management, and data-handling systems. The core technical findings are accurate. I would like to thank Mr. Andreas Makris for his work in identifying these issues and for his persistence in bringing them to our attention. I also recognize that our initial response did not adequately reflect the seriousness of the issues he identified."
"Based on our preliminary review, the issues primarily relate to historical design choices in parts of Yarbo's remote diagnostic, access management, and data handling systems. Specifically, certain legacy support and maintenance capabilities did not provide users with sufficient visibility or control, and some authentication and credential management mechanisms did not meet the security standards we expect for today's products. We have also identified areas where access permissions, backend system configurations, and data flows between devices and cloud services require stronger protections and stricter controls."
"We recognize the seriousness of these issues and the concerns they may have caused for our customers and community. We sincerely apologize for the impact this situation has created, and we are committed to addressing these issues in a transparent and responsible manner. Our engineering, product, legal, and customer support teams are working on remediation as the highest priority. What follows is my account of what was found, what we've already fixed, what we're actively fixing, and what we're committing to change in how we operate going forward."
Serious vulnerabilities were identified in remote diagnostic, credential management, and data-handling systems. The findings are considered accurate, and accountability is taken for what shipped and for the response. Remediation is prioritized across engineering, product, legal, and customer support teams. The issues are linked to historical design choices, including legacy support and maintenance capabilities that lacked sufficient user visibility and control. Some authentication and credential management mechanisms did not meet expected security standards. Additional weaknesses involve access permissions, backend configurations, and data flows between devices and cloud services, requiring stronger protections and stricter controls. Acknowledgment is made of customer and community concerns, with an apology and a commitment to transparent, responsible remediation.
Read at The Verge