&format=webp)
Just three months after Lenovo was accused of installing dangerous software onto its computers, another accusation has been leveled against the world's largest PC manufacturer.
Security firm IOActive said that it discovered several major vulnerabilities in Lenovo’s update system which could let hackers bypass validation checks, replace legitimate programs with malicious software, and run commands from remote locations.
The firm further explained that through one of the vulnerabilities, hackers could create a fake certificate authority to sign executable commands, allowing malicious software to pose as official Lenovo software,
If a Lenovo owner updates their machine in a coffee shop, for example, somebody else could use the security hole to swap Lenovo’s programs with their own. This particular security hole along with others mentioned by IOActive, can be found in Lenovo System Update 5.6.0.27 and earlier versions.
The vulnerabilities were first discovered in February by security specialists and brought to Lenovo’s attention at the time. The company developed a fix and issued a patch that removes the bugs, but owners of Lenovo computers will need to do download the security update themselves so as to avoid having their computers compromised.
-
Technology 27.06.2018Flying Taxis in Nairobi -
Technology 28.02.2018Check out day 2 highlights
-
Technology 09.01.2018The iPhone is 11 years today
&format=webp)
&format=webp)
&format=webp)
&format=webp)
&format=webp)
&format=webp)