Monday, 6 June 2016

On 01:38 by admin   No comments
Exploit could lead to man-in-the-middle attack against desktop and laptop systems running the Lenovo Accelerator Application.

Chinese PC firm Lenovo has advised users of its desktop and laptop systems to uninstall a pre-loaded app that could allow hackers to execute code remotely and carry out a man-in-the-middle (MitM) attack.

In an advisory, Lenovo said the vulnerability resides within the update mechanism where a Lenovo server is queried to identify if application updates are available. Every time the app queried the server, the system could be exposed to MitM attacks.

According to the firm, the Lenovo Accelerator Application is used to speed up the launch of Lenovo applications and was installed in some notebook and desktop systems preloaded with the Windows 10 operating system.

It said that it recommended that customers uninstall the app by going to the “Apps and Features” application in Windows 10, selecting Lenovo Accelerator Application and clicking on “Uninstall”.

The flaw was discovered by Mikhail Davidov, senior security researcher at Duo Security.


Post a comment