image credit: Pixabay

Lenovo Warns of ThinkPad Bugs, One Unpatched

August 15, 2019

Dozens of Lenovo’s flagship ThinkPad models are vulnerable to bugs ranging in severity from low to high. Two of the flaws are tied to industry-wide security bulletins, while a medium-severity flaw affects only Lenovo laptops but remains unpatched.

The most severe of the three bugs is a high-severity Bluetooth vulnerability (CVE-2019-9506) disclosed on Tuesday by Microsoft as part of its August security patch roundup. The flaw is described as an “encryption key negotiation of Bluetooth vulnerability” that could allow a nearby attacker to perform an information-disclosure or an escalation-of-privileges attack, according to a U.S. Computer Emergency Readiness Team (US-CERT) description.

The flaw is tied to the way the short-range Bluetooth radio technology encrypts its end-to-end communications for security and privacy.

Read More on Threat Post