Lenovo is still recovering from the Superfish scandal, and now the company is caught up in another mess. IOActive Lab issued a new report recently that exposed a major security flaw in Lenovo computers that could have let cybercriminals install malware on your computer.
"Local and potentially remote attackers can bypass signature validation checks and replace trusted Lenovo applications with malicious applications," said the advisory.
The flaw is in Lenovo's System Update software and could give hackers the ability to access your computer like a system update. They could use this access to run code and install malicious software.
Luckily, Lenovo took quick action to correct this error. It worked with IOActive Lab to create a patch in April to fix the problem and keep customer computers safe from hackers.
"Lenovo released an updated version of System Update which resolves these vulnerabilities and subsequently published a security advisory in coordination with IOActive. Lenovo recommends that all users update System Update to eliminate the vulnerabilities reported by IOActive."
If you or someone you know has a Lenovo computer, you need to install the latest version of System Update. To do this, open the System Update program on your computer. It will automatically search for new updates.
If you're running into trouble, you can visit the Lenovo support page to download the update manually.