Unfixable bug in Intel and Lenovo firmware poses security risk

0 0
Read Time:1 Minute

Unpatched Firmware Bug Affects Intel and Lenovo Devices

Recent reports have revealed that certain Intel and Lenovo products are affected by an unfixable bug in their firmware, leaving them vulnerable to potential hacking. The bug, which has remained unpatched for years, poses a significant risk as the impacted products have reached their “end-of-life” status and will not receive any further software updates.

The Lighttpd Vulnerability: Background and Impact

The security firm Binarly recently published a report highlighting security issues related to Lighttpd, an open-source web server widely used in various tech products, including firmware components. In the summer of 2018, maintainers of Lighttpd identified a remotely exploitable software vulnerability that could allow cybercriminals access to sensitive security information.

While the maintainers quietly addressed the issue within their code, they did not formally document it with a CVE identifier, which is crucial for companies to patch vulnerabilities. This oversight has left numerous products, such as those from American Megatrends International (AMI) and subsequently Lenovo and Intel, vulnerable to the bug.

Implications for Lenovo and Intel Devices

Lenovo has acknowledged the concern raised by Binarly regarding the AMI MegaRAC vulnerability and is collaborating with suppliers to assess any potential impacts on Lenovo products. Intel, on the other hand, has stated that the affected devices are no longer supported, meaning that no updates, including security patches, will be provided.

See also
IBM Expands AI Software Offerings on AWS Marketplace

An article from Ars Technica notes that the severity of the Lighttpd vulnerability is moderate and only becomes exploitable if combined with a more severe exploit. Binarly researchers have indicated that the bug could enable an attacker to access memory information from the Lighttpd Web Server process, potentially leading to data exfiltration and security mechanism bypass.

Conclusion

While the unpatched firmware bug in Intel and Lenovo devices may not pose an immediate threat on its own, it serves as a significant security concern due to its exploitable nature. The lack of software updates for end-of-life products leaves them susceptible to potential cyberattacks, emphasizing the importance of proactive security measures and continuous monitoring of vulnerabilities in tech products.

Image/Photo credit: source url

About Post Author

Chris Jones

Hey there! 👋 I'm Chris, 34 yo from Toronto (CA), I'm a journalist with a PhD in journalism and mass communication. For 5 years, I worked for some local publications as an envoy and reporter. Today, I work as 'content publisher' for InformOverload. 📰🌐 Passionate about global news, I cover a wide range of topics including technology, business, healthcare, sports, finance, and more. If you want to know more or interact with me, visit my social channels, or send me a message.
Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %