Technology and gaming content trusted in North America and globally since 1999
8,611 Reviews & Articles | 60,961 News Posts

Lenovo criticized yet again for a major security vulnerability

Lenovo under fire again after new vulnerabilities discovered

Michael Hatamoto | May 6, 2015 at 1:41 pm CDT (0 mins, 55 secs time to read)

Lenovo, the No. 1 PC manufacturer based on units sold, is being accused of a "massive security risk" that allows hackers to utilize a man-in-the-middle attack to download malware onto victims' systems. Security researchers at IOActive say the vulnerability allows hackers to download malware or hijack the systems themselves.

Lenovo criticized yet again for a major security vulnerability | TweakTown.com

The flaw takes aim at ThinkPad, ThinkStation and ThinkCenter products, and B, E, K, and V-series models. Lenovo was first alerted to the issue in February, and was given time to release a patch - which was made available last month - before IOActive shared the news publicly.

"An attacker can create a fake [certificate authority] and use it to create a code-signing certificate, which can then be used to sign executables," according to the advisory. "Since the System Update failed to properly validate the certificate authority, the System Update will accept the executables signed by the fake certificate and execute them as a privileged user."

This newest security vulnerability follows just months after Lenovo faced heavy criticism for pre-installing the controversial Superfish adware - and the company later released a patch to help users remove.

Last updated: Apr 6, 2020 at 08:43 pm CDT

Michael Hatamoto

ABOUT THE AUTHOR - Michael Hatamoto

An experienced tech journalist and marketing specialist, Michael joins TweakTown looking to cover everything from consumer electronics to enterprise cloud technology. A former Staff Writer at DailyTech, Michael is now the West Coast News Editor and will contribute news stories on a daily basis. In addition to contributing here, Michael also runs his own tech blog, AlamedaTech.com, while he looks to remain busy in the tech world.

Related Tags