Do you own Lenovo Devices? Patch quickly to avoid getting hacked!

No featured articles available

Check back soon for the latest updates and featured content.

Users who have Lenovo devices are requested to update their software to protect against the critical vulnerabilities discovered in their device. The company quietly rolled out patches for all vulnerabilities for all of its Android tablets, vibe and zuke phones on October 5. Imre Rad, an independent security researcher, discovered the vulnerabilities on May 10th and notified the bugs to the company on May 14th. Vulnerabilities were discovered in the Lenovo service framework (LSF) android application which is used by several different Android applications on Lenovo devices. Lenovo said LSF is used to receive a push notification from its servers regarding promotions for the app, news, notices, surveys. It is also used to facilitate emergency app repairs and upgrades when needed. Imre Rad said that LSF can be exploited by hackers to download code into their devices from an arbitrary server resulting in remote code execution.

Here are details of the vulnerabilities

published on the website

CVE-2017-3758 – Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution.

CVE-2017-3759 – The Lenovo Service Framework Android application accepts some responses from the server without proper validation. This exposes the application to man-in-the-middle attacks leading to possible remote code execution.

CVE-2017-3760 – The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. This exposes the application to man-in-the-middle attacks leading to possible remote code execution.

CVE-2017-3761 – The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution.

“Available actions to attackers include changing system settings, executing shell commands or installing additional packages. Malicious actors could abuse the LSF to deploy code components persistently in parts of the flash memory so that the only removal method would be the factory reset,” said Imre Rad.

We advise every Lenovo users to update their devices with the patches released by the company immediately.

Google Ads Exploited in Cyberattack: Hackers Steal Login Details and 2FA Codes

Murdoc Botnet Exploits AVTECH Cameras and Huawei Routers

Authquake Attack Bypasses Microsoft MFA, Exposing Critical Security Vulnerabilities

Strategies for Mitigating Cyber Threats in 2025

Cybersecurity Threats in Social Media Networks: Protecting User Data

AI in Data Privacy Compliance

Secure Boot Bypass Flaw Found in Palo Alto Firewalls

Volkswagen Faces Major Breach: Data of 800K EV Customers Leaked

Successful CISO – Is a Business Enabler the Need of the Hour?

Behind the Job Title: Information Security Consultant

Cybersecurity Threats in Social Media Networks: Protecting User Data

AI in Data Privacy Compliance

No featured articles available

Do you own Lenovo Devices? Patch quickly to avoid getting hacked!

Users who have Lenovo devices are requested to update their software to protect against the critical vulnerabilities discovered in their device.The company quietly rolled out patches for all vulnerabilities for all of its Android tablets, vibe and zuke p

Share Your Story!

No featured articles available

Users who have Lenovo devices are requested to update their software to protect against the critical vulnerabilities discovered in their device.The company quietly rolled out patches for all vulnerabilities for all of its Android tablets, vibe and zuke p

Stay Updated with the Latest Cybersecurity News