Lenovo seems to be in straits after its computers were troubled with security issues. Lenovo which is the world’s largest maker of consumer PCs was in a similar mess earlier this year, when its consumer notebooks were found to include preloaded adware called Superfish that could compromise users’ data.
The researchers discovered three new issues at at IOActive. A list containing the possible cyber crimes was sent to the tech firm.
According to the IOActive researchers, Lenovo allows an attacker to execute commands from the same system on a Lenovo device through Lenovo System Update Tool.
The second vulnerability enables a hacker to bypass signature validation provision on Lenovo devices and replace trusted applications with malicious ones.
Last but not the least, it gives cyber criminals an opportunity to run commands with administrative rights.
Lenovo has not only thanked researchers at IOActive, but also released a solution for their problems. It directed the users to install the latest version of Lenovo Security Update (5.06.0034) which fixes these flaws.