Tech

Lenovo begs users to uninstall Accelerator app in the name of security

The Windows 10 software is riddled with security holes which could lead to device hijacking.

Written by Charlie Osborne, Contributing Writer June 2, 2016 at 4:56 a.m. PT

Lenovo has urged users to uninstall bloatware bundled on Windows 10 devices by the company after critical security holes were discovered.

This week, the Chinese PC maker said in a security advisory a vulnerability within the company's Lenovo Accelerator Application software is a "high severity" problem which could give attackers the avenue to launch man-in-the-middle (MITM) attacks against users.

MITM attacks occur when a vulnerable machine has been infected with malware which contains surveillance capabilities or a vulnerable web browser is communicating with an insecure server.

This type of attack, unlike adware, may not show visible signs that your communication or activities are being monitored -- but everything from financial details to user credentials can be intercepted and stolen, leading to remote code execution or device hijacking.

In the case of Lenovo's Accelerator software -- which is meant to speed up the launch of some Lenovo applications -- the vulnerability lies within the "update mechanism where a Lenovo server is queried to identify if application updates are available."

Some may call the software value-added, but it is often known as bloatware or crapware and is not required to run a system properly and so can safely be removed.

Dubbed CVE-2016-3944, DuoLabs first discovered the vulnerability in original equipment manufacturers (OEM) updaters also developed by Asus, Acer, Dell and Hewlett-Packard.

The Lenovo security flaw is present in a number of notebook and desktop systems preloaded with Microsoft's Windows 10 operating system.

The full list of impacted devices is vast but include the Lenovo Notebook 305, Edge 15, Flex 2 Pro and Yoga product lines. In addition, Lenovo's IdeaCenter and Yoga Home 500 are amongst the 39 desktop models impacted by the security flaw. You can read the full list here.

Lenovo ThinkPad and ThinkStation devices are not affected by this security issue.

The Chinese PC maker recommends that users immediately uninstall the software. You can do so by going to the 'Apps and Features' application in Windows 10, selecting the Lenovo Accelerator Application and clicking on "Uninstall."