Lenovo responds to security risk reports, points to fix

Sean Michael

White Lenovo

Recently we reported a “massive security risk” found in Lenovo devices that has had updates available to fix the issue for multiple weeks. Here are some of their official statements on the issue as well as a link to guide users to make sure the update solving the security issue is installed.

Here is a portion of the Lenovo’s System Update Vulnerability Mitigation Statement:

“Lenovo’s development and security teams worked directly with IOActive regarding their Lenovo System Update vulnerability findings, and we value their expertise in identifying and responsibly reporting them. Lenovo released an updated version of Lenovo System Update on April 1st, which resolves these vulnerabilities.”

Lenovo’s support page has a summary and description of the security issue found by IOActive. They also describe what users should do to protect themselves:

“Starting from April 1, 2015, run Lenovo System Update and install the latest version of the application, version 5.06.0034 or later. You can determine the currently installed version by opening Lenovo System Update, clicking on the green question mark in the top right corner and then selecting “About.”

Steps to update:

Lenovo System Update automatically checks for a later version whenever the application is run.  Click OK when prompted that new version is available.”

If users want to do the update manually Lenovo provided this linkWhile there was a security flaw, Lenovo worked with IOActive to resolve the issue through the linked update.