Lenovo's All-in-one Computers Suffer from Severe Security Breaches
Lenovo Yoga AIO Security Firmware Updates Scheduled for September and November
Lenovo has announced that it will be releasing security firmware updates for several models of its Yoga AIO computers, including the Yoga AIO 32ILL10, Yoga AIO 9 32IRH8, and Yoga AIO 27IAH10. As of July 31, 2025, these updates are currently scheduled but not yet released.
For the Yoga AIO 32ILL10 and Yoga AIO 9 32IRH8 models, security firmware updates are expected by September 30, 2025. The Yoga AIO 27IAH10 is scheduled to receive its security firmware update on November 30, 2025.
These updates are intended to address critical UEFI/BIOS vulnerabilities that could allow attackers with local administrative access to execute arbitrary code with system-level privileges, compromising system security including Secure Boot.
Currently, firmware updates (O6BKT1AA) are available for the IdeaCentre AIO 3 24ARR9 and IdeaCentre AIO 3 27ARR9 models. Users of Yoga AIO models should monitor Lenovo’s official support site regularly and apply the updates immediately once available.
Lenovo also provides automated update management tools to assist both regular and enterprise users in applying these critical firmware patches promptly.
The affected Lenovo PC models include IdeaCentre AIO 3 24ARR9, IdeaCentre AIO 3 27ARR9, Yoga AIO 27IAH10, Yoga AIO 32ILL10, and Yoga AIO 9 32IRH8. Lenovo has identified six security vulnerabilities in the firmware of certain all-in-one PCs, four of which are classified as critical.
Attackers could potentially exploit these security vulnerabilities to gain access to the UEFI before the PC starts, store malicious code, and fully compromise the computer. Therefore, these updates are crucial to mitigate risks of local privilege escalation or arbitrary code execution related to BIOS/UEFI vulnerabilities discovered and reported earlier in 2025.
Summary Table
| Model | Security Firmware Update Release Date | Current Status | |--------------------|---------------------------------------|-----------------------------------| | IdeaCentre AIO 3 24ARR9 | Available | Installed | | IdeaCentre AIO 3 27ARR9 | Available | Installed | | Yoga AIO 32ILL10 | September 30, 2025 | Update pending | | Yoga AIO 9 32IRH8 | September 30, 2025 | Update pending | | Yoga AIO 27IAH10 | November 30, 2025 | Update pending |
Owners of these Yoga models should regularly check Lenovo Support Page for firmware updates to ensure their computers are protected against these critical vulnerabilities.
Data-and-cloud-computing technology plays a vital role in Lenovo's automated update management tools, enabling users to promptly apply critical firmware patches to address UEFI/BIOS vulnerabilities. The upcoming security firmware updates for Lenovo Yoga AIO computers are a testament to their commitment to maintaining system security in the face of potential attacks.
