Lenovo's all-in-one computers found to have significant security vulnerabilities
Lenovo Urges Yoga AIO Users to Prepare for Upcoming Firmware Updates
Lenovo has announced that urgent firmware updates are required for several of its all-in-one PC models, including the Yoga AIO 27IAH10, Yoga AIO 32ILL10, and Yoga AIO 9 32IRH8, due to six critical security vulnerabilities. As of now, only the IdeaCentre AIO 3 models have received their fixed firmware versions.
The vulnerabilities in question could allow attackers with local administrative privileges to execute arbitrary code with system-level access or read sensitive SMRAM contents. If exploited, these flaws could compromise the entire system.
The updates for the Yoga models are still in development. The Yoga AIO 32ILL10 and Yoga AIO 9 32IRH8 updates are slated for release by September 30, 2025, while the Yoga AIO 27IAH10 update is scheduled for release by November 30, 2025.
Attackers could potentially gain access to the UEFI firmware, which runs before the operating system starts, so it is crucial for users to keep their systems up to date. Lenovo recommends that users regularly check their current BIOS version, monitor Lenovo’s official support website for the release of these updates, and apply the firmware updates promptly once they become available.
Lenovo also suggests using its automated update management tools to simplify the deployment process. No confirmed active exploitation of these flaws has been reported yet, but the vulnerabilities are considered serious given the potential for complete system compromise after local access is obtained.
Users are advised to remain vigilant and prepare for the upcoming updates. Once available, the firmware updates for the Yoga models will be downloadable and installable via the Lenovo support page.
For those who own the IdeaCentre AIO 3 models, the firmware updates are already available and can be downloaded and installed via the Lenovo support page.
- To prevent potential system compromise, Yoga AIO users should prepare for the upcoming firmware updates as recommended by Lenovo's security advisory (LNSAA-25-008).
- In addition to keeping their systems updated, Yoga AIO users can streamline the firmware update process by using Lenovo's update management tools, as suggested by Lenovo Support.