Skip to main content

More serious security flaws found in Lenovo computers

posted onMay 6, 2015
by l33tdawg

Lenovo has issued a patch for a flaw in its computers, which researchers say could allow hackers to replace trusted apps with malicious versions.

Security researchers at IOActive said in an advisory detailing three separate vulnerabilities that hackers could bypass checks to ensure the integrity of apps, allowing them to run malware on an affected Lenovo machine.

"An attacker can create a fake [certificate authority] and use it to create a code-signing certificate, which can then be used to sign executables," the advisory says. "Since the System Update failed to properly validate the certificate authority, the System Update will accept the executables signed by the fake certificate and execute them as a privileged user."

Source

Tags

Lenovo Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th