Yet another major fail from a hardware vendor. The tl;dr version is this: Asus laptop comes with a software called LiveUpdate that deliver updates from Asus. The problem is it does so insecurely and without proper validation. So that makes it possible for someone to perform MiTM and deliver fake updates.
Source: *indrora->mind — DeadUpdate; Or, How I learned to stop worrying and…