According to the Verge, Lenovo's update system could allow hackers to bypass validation checks, replace legitimate Lenovo programs with malicious software, and run commands from afar.

The security hole, along with others described by IOActive, are present in Lenovo System Update and earlier versions.

The vulnerabilities, which were first discovered by the security specialists back in February, were brought to Lenovo's attention at the time in order to allow the Chinese firm to develop a fix.

Lenovo had earlier come under fire from security researchers who said the company pre-installed a virus-like software from a company called Superfish on consumer laptops that hijacked web connections and allowed them to be spied upon.
Users reported as early as last June that a programme, also called Superfish, was 'adware', or software that automatically displays adverts.
Later, Lenovo decided not to pre-install software that reportedly was malicious and made devices vulnerable to hacking.