Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

AP Photo/Ron Harris

Lenovo computers have another 'massive security risk'

A patch for the issue has already been released, but users need to update manually.

Updated: 12:55

THREE MONTHS AGO, Lenovo got into trouble over Superfish, a software add-on which was to bring up extra ads but instead carried a serious security flaw, allowing any hacker to carry out man-in-the-middle attacks remotely.

Now another major security flaw has emerged, allowing hackers to bypass security checks, replace Lenovo software with their own and issue commands remotely.

The security firm IOActive discovered the flaw back in February and informed Lenovo of the problem who then issued a patch at the beginning of April.

Describing it as a “massive security risk”, one issue would allow basic user profiles to be changed so they gain admin-level access to a PC, allowing them to run any programmes or commands they wish.

Another issue would allow remote attackers to replace trusted Lenovo applications with their own malicious versions by creating fake certificates for files.

While a patch has been issued, users still need to download the update themselves so if you have System Update 5.6.0.27 or earlier on your Lenovo computer, you need to update it otherwise you’re at risk.

Lenovo issued a statement relating to the security flaw and patch.

Lenovo’s development and security teams worked directly with IOActive regarding their System Update vulnerability findings, and we value their expertise in identifying and responsibly reporting them.Lenovo released an updated version of System Update on April 1st which resolves these vulnerabilities and subsequently published a security advisory in coordination with IOActive at: https://support.lenovo.com/us/en/product_security/lsu_privilege.

Existing installations of System Update will prompt the user to automatically install the updated version when the application is run. Alternatively, users may manually update System Update as described in the security advisory.  Lenovo recommends that all users update System Update to eliminate the vulnerabilities reported by IOActive.

Read: ‘Dave was my rock’: Sheryl Sandberg takes to Facebook to remember her husband >

Read: Skype may be about to get a name change >

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Close
18 Comments
    Install the app to use these features.
    Mute Bazzle Bush
    Favourite Bazzle Bush
    Report
    May 6th 2015, 11:36 AM

    Lenovo! Come on…

    50
    Install the app to use these features.
    Mute Hugh Joey Byrnes
    Favourite Hugh Joey Byrnes
    Report
    May 6th 2015, 11:53 AM

    any chance of sharing a link to download the patch?

    25
    Install the app to use these features.
    Mute Dietrich Död
    Favourite Dietrich Död
    Report
    May 6th 2015, 4:18 PM
    6
    Install the app to use these features.
    Mute Hugh Joey Byrnes
    Favourite Hugh Joey Byrnes
    Report
    May 6th 2015, 4:24 PM

    Thanks. . . ashamed to say, I own a lenovo. . . . after 9 years with HP, i chose lenovo. . . .. bad mistake

    1
    See 1 more reply ▾
    Install the app to use these features.
    Mute Dietrich Död
    Favourite Dietrich Död
    Report
    May 6th 2015, 6:21 PM

    I wouldn’t say that. I have a Lenovo Yoga 2 Pro and I’m quite pleased with it, the previous ‘superfish’ adware scandal was shockingly dubious, but this just seems like a normal security flaw.

    3
    Install the app to use these features.
    Mute David Geraghty
    Favourite David Geraghty
    Report
    May 6th 2015, 11:51 AM

    I’ll stick with Mac thanks very much. Not a security glitch in sight, thanks Apple.

    17
    Install the app to use these features.
    Mute Dietrich Död
    Favourite Dietrich Död
    Report
    May 6th 2015, 4:16 PM

    Mac OS has had plenty of security issues.

    11
    Install the app to use these features.
    Mute Avina Laaf
    Favourite Avina Laaf
    Report
    May 6th 2015, 11:37 AM

    It might be a trivial detail, but shouldn’t the headline have got the brand name right?

    16
    Install the app to use these features.
    Mute John Hagin Meade
    Favourite John Hagin Meade
    Report
    May 6th 2015, 11:46 AM

    @Avina Laaf:

    Can you please explain what is wrong with the headline. I’m puzzled.

    1
    Install the app to use these features.
    Mute hjGfIgAq
    Favourite hjGfIgAq
    Report
    May 6th 2015, 11:48 AM

    Yep, I may have hit the publish button a little too quickly there. Apologies for that. It’s corrected now.

    16
    Install the app to use these features.
    Mute Jimmy Murphy
    Favourite Jimmy Murphy
    Report
    May 6th 2015, 11:38 AM

    Sweet Jesus.

    Those Levonos are absolute dung.

    Having seen the problems some mates have had with them along with this, I’ll never even consider buying one.

    11
    Install the app to use these features.
    Mute bothyhead
    Favourite bothyhead
    Report
    May 6th 2015, 11:54 AM

    Lenovo made some of the best laptops ever, the IBM ThinkPads.

    I have a low-end Lenovo, which is perfect for my needs. The first thing I did the day it arrived was to eradicate Windows 8.1, and install Linux Mint. It works like a charm.

    37
    Install the app to use these features.
    Mute Manford Payce
    Favourite Manford Payce
    Report
    May 6th 2015, 12:19 PM

    IBM ThinkPads were the business. When they sold ThinkPad to Lenovo they started out doing a pretty decent job of carrying on that legacy. But then they tried to leverage the rep of ThinkPad to a bigger market with lower quality and the whole brand suffered.

    This is a software problem though. They’re loading their products up with all sorts of shite which is almost impossible to get rid of (I’m sure some tech experts will scoff and tell me how easy this is, but for the average user it’s beyond our capabilities) and it’s really off putting. I’d be hugely reluctant to buy another until they stop that nonsense.

    20
    See 1 more reply ▾
    Install the app to use these features.
    Mute Dietrich Död
    Favourite Dietrich Död
    Report
    May 6th 2015, 4:11 PM

    The Thinkpad X1 Carbon is one of the best laptops manufactured. Sure there’s lots of cheap Lenovo laptops knocking around but you need to be able to differentiate between their product lines.

    1
    Install the app to use these features.
    Mute Unfortunately
    Favourite Unfortunately
    Report
    May 6th 2015, 1:03 PM

    I love how IT security issues are presented – massive threat etc. In fact there is extremely slim chance any Lenovo owner should be worried. All these vulnerabilities require many things to happen at the same time and you would have super slim chance to become a victim in fairness. Some people may not even use said software on their Lenovos (I don’t) – so unaffected. Most of those threats exists only in theory anyway rather than being real threat – but you won’t hear that as all these security experts need to justify their jobs :)

    10
    Install the app to use these features.
    Mute Manford Payce
    Favourite Manford Payce
    Report
    May 6th 2015, 1:30 PM

    Aye. That and the fact that the worse they could do if they got into my computer is access my netflix account or buy themselves some banana protectors on ebay.

    I store my government secrets in a code etched into the side on my back teeth.

    10
    Install the app to use these features.
    Mute Chris
    Favourite Chris
    Report
    May 6th 2015, 12:00 PM

    Levono well alone.

    9
    Install the app to use these features.
    Mute Allen Nicholson
    Favourite Allen Nicholson
    Report
    May 6th 2015, 1:01 PM

    This all boils down to bloatware that manufacturers insist on installing on machines. The best way to solve the problem is to wipe the hard drive and start fresh with a clean install of the same version of windows that was on it.

    7
Submit a report
Please help us understand how this comment violates our community guidelines.
Thank you for the feedback
Your feedback has been sent to our team for review.
JournalTv
News in 60 seconds