Lenovo's all-in-one computers come with substantial security vulnerabilities
Lenovo Announces Firmware Updates for Yoga AIO Models to Address Security Vulnerabilities
Lenovo has announced plans to release firmware updates for several Yoga all-in-one PC models to address critical security vulnerabilities. The affected models include the Yoga AIO 32ILL10, Yoga AIO 9 32IRH8, and Yoga AIO 27IAH10.
Firmware, also known as UEFI/BIOS, is the fundamental software that starts and operates a computer, stored on chips on the mainboard. These security vulnerabilities, if exploited, could potentially allow attackers to gain access to the UEFI before the PC starts, allowing them to store malicious code and fully compromise the computer.
Currently, firmware updates are available for the IdeaCentre AIO 3 models (O6BKT1AA). Users can download and install these updates via Lenovo's Support Page. Regularly checking Lenovo's Support Page is recommended for users of the affected Yoga models to ensure the safety of their devices.
Unfortunately, no initial updates are available for the Yoga AIO 27IAH10, Yoga AIO 32ILL10, and Yoga AIO 9 32IRH8 all-in-one PCs. Lenovo plans to release updates for these models by specific dates:
- Yoga AIO 32ILL10 and Yoga AIO 9 32IRH8: Updates are scheduled for release by September 30, 2025.
- Yoga AIO 27IAH10: Update is planned for release by November 30, 2025.
Lenovo has already released patches for affected IdeaCentre models. However, the Yoga model fixes are still pending with these target dates. The links to download the firmware updates for the IdeaCentre AIO 3 models can be found on Lenovo's Support Page.
It's important to note that these updates aim to fix serious UEFI security flaws that could allow attackers with local admin privileges to execute code with system-level privileges. Lenovo encourages users to monitor Lenovo’s official support site for the firmware updates and apply them promptly once available.
The article does not provide information about any additional steps users should take beyond downloading and installing the firmware updates to secure their Lenovo PCs. Users are advised to follow Lenovo's instructions carefully and seek professional help if needed.
[1] Lenovo Support Page for IdeaCentre AIO 3 models [2] Lenovo Support Page for Yoga AIO 27IAH10 [3] Lenovo Support Page for Yoga AIO 32ILL10 [4] Lenovo Support Page for Yoga AIO 9 32IRH8
Lenovo is planning to release data-and-cloud-computing updates for the Yoga AIO 32ILL10 and Yoga AIO 9 32IRH8 models by September 30, 2025, to address critical security vulnerabilities in their firmware, similar to the updates already provided for the IdeaCentre AIO 3 models.
As for the Yoga AIO 27IAH10, Lenovo plans to release its security updates by November 30, 2025, and users can monitor the Lenovo Support Page for updates and instructions on how to apply them.
