More security flaws for world’s biggest PC seller

More security flaws for world’s biggest PC seller
© Getty Images

Chinese-based PC manufacturer Lenovo was found to have another “massive security risk” in its computers, just months after the company admitted to pre-installing flawed software on its machines that exposed users to hackers.

Lenovo on Wednesday released a patch for the new vulnerabilities, which researchers at security firm IOActive said let digital attackers install spyware on the computer or take control of the machine’s system.


Lenovo’s system was “arbitrarily executing commands” issued by malicious intruders, the researchers explained.

That potentially allows an attacker to "bypass signature validation checks and replace trusted Lenovo applications with malicious applications," they said.

In a statement, Lenovo encouraged users to update their systems “to eliminate the vulnerabilities.”

The world’s largest PC vendor has been under heightened scrutiny in recent months.

It was revealed in February that Lenovo devices were pre-loaded with flawed software called “Superfish.” The program injected ads into Internet browsers, but could also be easily co-opted by hackers to snoop on users’ web traffic, collect personal data and imitate websites.

The problem affected tens of millions of devices worldwide.

The Department of Homeland Security urged anyone who had purchased a Lenovo computer since 2010 to erase “Superfish” from their devices.

Lenovo eventually issued its own fix for the bug, which wiped the software completely off of the device.