A vulnerability relating to specific UEFI drivers has been discovered by Dmytro Oleksiuk (aka Cr4sh) and has been dubbed 'ThinkPwn' since the bug was first discovered on a Lenovo ThinkPad system. The bug, however, is not limited to Lenovo systems as it relates to a more generic Intel firmware that can also be found on certain systems from Dell, HP, Fujitsu, and Gigabyte. Additional manufacturers have not yet been ruled out, either.
Note that the UEFI bug requires physical access to the individual system to exploit, so users are still safe from outside attackers. Of the listed manufacturers, the following models have been proven to be vulnerable to the 'ThinkPwn' bug:
- HP Pavillion DV7 4087CL (2010)
- Fujitsu Lifebook A574/H (2013)
- Dell Latitude E6430 (2012)
- Gigabyte Mainboards from Ivy Bridge up to Broadwell (Models: Z68-UD3H, Z77X-UD5H, Z87MX-D3H, Z97-D3H)
Perhaps more alarmingly is that these systems are quite old dating back to as early as 2010, so the extent of the bug can be very wide. So far, most of these manufacturers have not publicly acknowledged the vulnerability including Intel.
Lenovo is the exception as the company has provided a list of known affected models. Accordingly, ThinkPad notebooks running on the Skylake platform are not affected by the vulnerability while older Ivy Bridge models (X230, T430, etc.) up to Broadwell models (X250, T450s, etc.) are all affected. Numerous Ideapad systems are also affected and any potential BIOS updates to patch the security flaw has not yet been released.
Are you a techie who knows how to translate? Then join our Team!
Details here
Source(s)
Top 10 Laptops
Multimedia, Budget Multimedia, Gaming, Budget Gaming, Lightweight Gaming, Business, Budget Office, Workstation, Subnotebooks, Ultrabooks, Chromebooks
under 300 USD/Euros, under 500 USD/Euros, 1,000 USD/Euros, for University Students, Best Displays
Top 10 Smartphones
Smartphones, Phablets, ≤6-inch, Camera Smartphones