
Lenovo's all-in-one computers possess significant vulnerabilities in their security systems

Lenovo-produced computers harbor critical flaws in their firmware, posing a risk to users. Here are the affected model numbers and steps to take for precaution.

Lenovo Urges Users to Update Yoga AIO PCs Over Critical Security Vulnerabilities

Lenovo has announced that several of its Yoga all-in-one PC models, including the Yoga AIO 27IAH10, Yoga AIO 32ILL10, and Yoga AIO 9 32IRH8, are affected by critical security vulnerabilities. The company has advised users to check Lenovo's support pages regularly for firmware updates, which will be released on a staggered schedule by the end of 2025.

Four of the six vulnerabilities discovered in these Yoga models are considered critical. Exploiting them requires local privileged access, but a successful attack could lead to complete system compromise, including running arbitrary code with system-level privileges.

Lenovo has already released BIOS updates for the affected IdeaCentre AIO 3 models (the IdeaCentre AIO 3 24ARR9 and 27ARR9), and users are encouraged to check their BIOS version and update promptly where fixes are available. The firmware update for these models is identified as O6BKT1AA and can be downloaded and installed via the Lenovo support page.

For the Yoga models, firmware patches are still in development but are expected to be released on the following dates: Yoga AIO 32ILL10 and Yoga AIO 9 32IRH8 by September 30, 2025, and Yoga AIO 27IAH10 by November 30, 2025.

The firmware in these Yoga models, as in other Lenovo all-in-ones, is the UEFI/BIOS software that starts and operates the computer. Exploiting the discovered vulnerabilities could allow attackers to gain access before the operating system starts, store malicious code, and take over the computer.

Lenovo provides automated update management tools to help streamline the update process, and users are encouraged to use these tools or manually check Lenovo’s official support website regularly to download and apply updates as soon as they become available.

In conclusion, users of the affected Yoga models should prioritise checking for and installing the forthcoming firmware updates to ensure the security of their systems. By staying vigilant and following Lenovo's guidance, users can help protect their devices from potential threats.
