Home
Laptops
Laptops News
Lenovo, Dell, Toshiba PC Vulnerability Exposes Millions to Attack: Report

Lenovo, Dell, Toshiba PC Vulnerability Exposes Millions to Attack: Report 2x1c34

By Manish Singh | Updated: 7 December 2015 16:37 IST

ment

Some laptops and PCs from Toshiba are reportedly vulnerable to attack. A vulnerability has been found in the suite of apps that these leading manufacturers pre-install on their devices. Millions of s are estimated to be affected. d5x6w

A security professor who goes by the alias slipstream/ RoL has posted a proof-of-concept to demonstrate the vulnerability in the bloatware shipped by Lenovo, Dell, and Toshiba that can allow attackers to run malware at the system level.

The vulnerability can be exploited when a visits a specially-crafted webpage. When a victim with an affected system visits the page, an attacker is able to run code with full system privileges on the system. From this point forward, an attacker can install malware and spyware on the system.

For Lenovo s, the vulnerability resides in Lenovo Solution Center, a program that is designed to let s know the system's health, security, and network status. The security researcher noted that if these devices are already affected with malicious apps, an attacker doesn't even need to visit any website to get attacked.

CERT, a non-profit United States federally funded research and development centre, wrote the following in an advisory. "By convincing a who has launched the Lenovo Solution Center to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with SYSTEM privileges. Additionally, a local can execute arbitrary code with SYSTEM privileges." The organisation further urges s to uninstall Lenovo System Center.

Lenovo has acknowledged the bug in an advisory it posted last week. "We are urgently assessing the vulnerability report and will provide an update and applicable fixes as rapidly as possible. Additional information and updates will be posted to this security advisory page as they become available."

A similar vulnerability has been found in Dell System Detect program. The discovery of the program comes less than a month after the US company was found to have rogue certificate on its computers. Toshiba bundles Service Station tool on its system that can be abused in a similar fashion.

Comments

For the latest reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.