Lenovo's all-in-one computers found to have significant security vulnerabilities
Lenovo Issues Firmware Updates for IdeaCentre AIO 3 Models, Yoga Models Still Pending
Lenovo has announced the release of firmware updates for their IdeaCentre AIO 3 models to address six critical security vulnerabilities. These updates can be downloaded from the Lenovo Support Page. However, the security patches for the Lenovo Yoga AIO 27IAH10, Yoga AIO 32ILL10, and Yoga AIO 9 32IRH8 models are not yet available, with updates expected by September 30, 2025, for the Yoga AIO 32ILL10 and Yoga AIO 9 32IRH8, and by November 30, 2025, for the Yoga AIO 27IAH10.
The vulnerabilities, which could allow local attackers with existing privileges to gain complete system control, are related to EFI System Management Mode (SMM) components. If exploited, these vulnerabilities could lead to privileged code execution or memory disclosure.
Owners of the affected Yoga models are advised to regularly check Lenovo's official support website for updates. Lenovo also recommends enabling automatic update mechanisms if available on their devices to streamline patch deployment.
Here is a summary of the expected release dates for the security patches:
| Model | Security Patch Release Date | Status | |----------------------|--------------------------------|----------------------| | Yoga AIO 32ILL10 | September 30, 2025 | Pending release | | Yoga AIO 9 32IRH8 | September 30, 2025 | Pending release | | Yoga AIO 27IAH10 | November 30, 2025 | Pending release |
Users can visit Lenovo’s official support portal, enter their model numbers (Yoga AIO 27IAH10, 32ILL10, 9 32IRH8), and review the Drivers & Software section for BIOS updates.
It is crucial for users of the affected Yoga models to stay vigilant and regularly check the Lenovo Support Page for updates to protect their devices from potential threats. The Lenovo Support Page is the source where users can download and install the firmware updates for the affected PC models once they become available.
Firmware updates, also known as UEFI/BIOS, are essential software for starting and operating a computer, stored on chips on the mainboard. While the specific nature or impact of the six security vulnerabilities on the Lenovo Yoga models is not detailed in the article, given the critical nature of these vulnerabilities, owners are advised to monitor Lenovo’s announcements closely and apply updates promptly once available. The article does not specify a deadline for the firmware updates or any potential consequences for not updating the PCs.
The firmware updates for the IdeaCentre AIO 3 models, which address critical security vulnerabilities, are now available on the Lenovo Support Page. However, for the Lenovo Yoga AIO models, data-and-cloud-computing technology users should regularly check the Lenovo Support Page for updates, as the security patches are pending and will be released by September 30, 2025, for the Yoga AIO 32ILL10 and Yoga AIO 9 32IRH8, and by November 30, 2025, for the Yoga AIO 27IAH10.
