Security firm ESET have discovered multiple UEFI vulnerabilities in over 100 different Lenovo laptop models that allow attackers with admin privileges to “expose the user to firmware-level malware.”
Luckily for many, these can be patched by updating the notebook’s firmware. The problem is that a number of affected models are nearing the end of developmental support, including the Ideapad 330-15IGM and Ideapad 110-15IGR.
“Altogether, the list of affected devices contains more than one hundred different consumer laptop models with millions of users worldwide,” ESET researchers explain, “from affordable models like Ideapad-3 to more advanced ones like Legion 5 Pro-16ACH6 H or Yoga Slim 9-14ITL05.”
The firm reported all discovered vulnerabilities to Lenovo last October, who then develop and released a patch to fix the issue.
The full list of affected models with active development support is published in theĀ Lenovo Advisory.
