Security researcher firm IOActive found major exploits in Lenovo's own update system that could have allowed attackers to completely bypass any validation check and then replace legitimate Lenovo programs with malware, including software to gain remote access to your PC or run commands.
All of the security exploits are found in Lenovo System Update 22.214.171.124 and earlier and were first discovered in February. IOActive worked directly with Lenovo on a fix before going public with the exploits. "Lenovo's development and security teams worked directly with IOActive regarding their Lenovo System Update vulnerability findings," Lenovo said in a statement, "and we value their expertise in identifying and responsibly reporting them."
If you haven't already, make sure to update your system with the patches.
Check out more information on the vulnerabilities and the patches here: IOActive
Written by: Andre Yoskowitz @ 7 May 2015 11:23