Lenovo criticized yet again for a major security vulnerability

Lenovo under fire again after new vulnerabilities discovered.

Published
Updated
44 seconds read time

Lenovo, the No. 1 PC manufacturer based on units sold, is being accused of a "massive security risk" that allows hackers to utilize a man-in-the-middle attack to download malware onto victims' systems. Security researchers at IOActive say the vulnerability allows hackers to download malware or hijack the systems themselves.

Lenovo criticized yet again for a major security vulnerability | TweakTown.com

The flaw takes aim at ThinkPad, ThinkStation and ThinkCenter products, and B, E, K, and V-series models. Lenovo was first alerted to the issue in February, and was given time to release a patch - which was made available last month - before IOActive shared the news publicly.

"An attacker can create a fake [certificate authority] and use it to create a code-signing certificate, which can then be used to sign executables," according to the advisory. "Since the System Update failed to properly validate the certificate authority, the System Update will accept the executables signed by the fake certificate and execute them as a privileged user."

This newest security vulnerability follows just months after Lenovo faced heavy criticism for pre-installing the controversial Superfish adware - and the company later released a patch to help users remove.

NEWS SOURCES:zdnet.com, blog.lenovo.com

An experienced tech journalist and marketing specialist, Michael joins TweakTown to cover everything from cars & electric vehicles to solar and green energy topics. A former Staff Writer at DailyTech, Michael is now the Cars & Electric Vehicles News Reporter and will contribute news stories on a daily basis. In addition to contributing here, Michael also runs his own tech blog, AlamedaTech.com, while he looks to remain busy in the tech world.

Newsletter Subscription

Similar News

Related Tags