Posted on 05/10/2015 4:02:17 PM PDT by Utilizer
Researchers find more serious flaws.
Lenovo has been accused of putting users at "massive security risk" through newly-discovered flaws in its online product update service which allow hackers to download malware onto user systems through a man-in-the-middle (MiTM) attack.
The holes were revealed by security firm IOActive, just weeks after Lenovo was found to be shipping PCs with pre-installed ‘Superfish' adware that also left its users open to MITM attacks.
In an advisory today, IOActive researchers Michael Milvich and Sofiane Talmat said they had discovered “high-severity” privilege escalation vulnerabilities in Lenovo's system update service, which enables users to download the latest drivers and other software, including security patches, from Lenovo's website.
The researchers found the flaws in February, and have now gone public after giving Lenovo time to develop a patch, which the company issued last month.
(Excerpt) Read more at itnews.com.au ...
lenovo should have stuck to making Pizza!
Chicom Inside!
Most major software and hardware manufactures have at one time placed some sort of malware on their products. The Chinese are no different.
“Hi, I’m Bob from windows support. Your computer has a virus that is affecting other computers. Can you sign on for me? “
Yep. Anyone who buys Lenovo gets what they deserve.
bkmk
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.