New Lenovo UEFI firmware updates fix Secure Boot bypass flaws

Gandalf_The_Grey

Lenovo is warning of high-severity BIOS flaws that could let attackers bypass Secure Boot on all-in-one desktops using customized Insyde UEFI firmware.

Devices confirmed to be impacted are IdeaCentre AIO 3 24ARR9 and 27ARR9, and the Yoga AIO 27IAH10, 32ILL10, and 32IRH8.

UEFI is the modern replacement for the traditional PC BIOS, acting as a firmware interface between the computer's hardware and the OS, controlling early initialization and booting.

The flaws, discovered by Binarly, mirror those the researchers uncovered earlier this month, which impacted dozens of Gigabyte motherboard models, enabling local attackers to execute arbitrary code in System Management Mode (SMM).

Lenovo has released firmware security updates for IdeaCentre AIO 3 models, urging users to upgrade to version O6BKT1AA.

Yoga AIO updates aren't currently available, but the computer vendor plans to release fixes between September 30 and November 30, 2025.