When it comes to security, you like to think that your computers are at least the little bit safe from people who might want to cause you harm. We are reminded on a weekly basis that this may not be true as companies are hacked, accounts are sold online and software is hacked. The latest of these is a breach that sees Lenovo’s ThinkPads suffering from a zero-day firmware issue that could leave the laptops exposed to all kinds of security risks.
The zero-day exploit is courtesy of a privilege escalation flaw found within the Unified Extensible Firmware Interface (UEFI) driver. The exploit, titled ThinkPwn, was published by researcher Dmytro Oleksiuk and would allow hackers to execute code as if they were part of the System Management Mode (SMM). The SMM is typically reserved as a privileged operating mode for the CPU.
The flaw could be used to disable features such as Secure Boot, something that helps protect your computers against boot-level rootkits. According to Lenovo, the flaw was not in their unique version of the UEFI but rather in an implementation provided to the company. As a precaution, Lenovo has stated that they are now working with various companies to rule out any additional issues in the BIOS code provided to the company.
AMD has released a significant update for gamers playing Warhammer 40,000: Space Marine 2, introducing…
The AMD Ryzen 5 7600X3D is making waves in the gaming world, beating some of…
PlayStation’s newest release, Astro Bot, has become a massive hit in Japan, where it has…
A major announcement may be on the horizon for Xbox gamers. According to Jez Corden…
Larian Studios has unleashed a new wave of creativity for Baldur's Gate 3 players with…
Go beyond performance with the latest 14th Generation Intel Core processors, based on the Raptor-Lake…