Security concerns have yet again engulfed Lenovo computers, as researchers from the security firm IOActive have discovered three new flaws in the company's systems. These can prove to be extremely dangerous, as they can enable hackers to bypass validation checks, replace legitimate programs with malicious software and run commands as an administrative user.
All these security holes exist in Lenovo System Update 22.214.171.124 and its earlier versions. IOActive researchers have gone on to say that an attacker can create a fake certificate authority (CA) to sign executables, allowing malicious software to disguise itself as an official utility from the Chinese company.
When a user is updating their computer, another user on the same network can easily execute such an attack. But there’s good news, as Lenovo has already released a fix for this through a new software update that needs to be downloaded manually.
IOActive first discovered these security flaws in February this year and immediately notified Lenovo about them so that it could quickly develop a fix. The Chinese company had its development and security teams work along with IOActive to come up with the answer to the problem.
Just three months ago, a similar situation had arisen for Lenovo in the form of Superfish. Preloaded adware, it altered users' search results by showing them different ads than the ones they would otherwise see. Moreover, it also had a loophole through which attackers could snoop into your browser traffic.
The world’s largest PC manufacturer sure has had a lot on its plate in terms of controversies over the last few months. It’s time for the company to take stock of the situation and work towards ensuring that such security risks do not pop up again.