Lenovo driver goof poses security risk for users of 25 notebook models - fivenewscrypto
Terkini Populer Kategori
Headline
Loading...

mercredi 9 novembre 2022

Lenovo driver goof poses security risk for users of 25 notebook models

Lenovo driver goof poses security risk for users of 25 notebook models
mercredi 9 novembre 2022
Lenovo driver goof poses security risk for users of 25 notebook models

Enlarge (credit: Getty Images)

More than two dozen Lenovo notebook models are vulnerable to malicious hacks that disable the UEFI secure boot process and then run unsigned UEFI apps or load bootloaders that permanently backdoor a device, researchers warned on Wednesday.

At the same time that researchers from security firm ESET disclosed the vulnerabilities, the notebook maker released security updates for 25 models, including ThinkPads, Yoga Slims, and IdeaPads. Vulnerabilities that undermine the UEFI secure boot can be serious because they make it possible for attackers to install malicious firmware that survives multiple operating system reinstallations.

Not common, even rare

Short for Unified Extensible Firmware Interface, UEFI is the software that bridges a computer’s device firmware with its operating system. As the first piece of code to run when virtually any modern machine is turned on, it’s the first link in the security chain. Because the UEFI resides in a flash chip on the motherboard, infections are difficult to detect and remove. Typical measures such as wiping the hard drive and reinstalling the OS have no meaningful impact because the UEFI infection will simply reinfect the computer afterward.

Read 6 remaining paragraphs | Comments


Share with your friends

Add your opinion
Disqus comments

Ads Auto