Andre Yoskowitz
7 May 2015 11:23
Three months ago, Lenovo was found to have pre-installed the 'Superfish' malware onto PCs, making the computers highly vulnerable to attacks. This week, security researchers have unveiled yet another 'massive security risk' in Lenovo PCs.
Security researcher firm IOActive found major exploits in Lenovo's own update system that could have allowed attackers to completely bypass any validation check and then replace legitimate Lenovo programs with malware, including software to gain remote access to your PC or run commands.
All of the security exploits are found in Lenovo System Update 5.6.0.27 and earlier and were first discovered in February. IOActive worked directly with Lenovo on a fix before going public with the exploits. "Lenovo's development and security teams worked directly with IOActive regarding their Lenovo System Update vulnerability findings," Lenovo said in a statement, "and we value their expertise in identifying and responsibly reporting them."
If you haven't already, make sure to update your system with the patches.
Check out more information on the vulnerabilities and the patches here: IOActive