The Superfish adware program - which offered shopping tips - was shipped on some of the companies notebook devices.
Lenovo said on Thursday it had disabled it because of customer complaints.
But a later statement said the company was also aware of a security risks about the software, and the company was "focused on fixing it".
"We apologise for causing these concerns among our users - we are learning from this experience and will use it to improve what we do and how we do it in the future," the company said.
Lenovo said it had acted "swiftly and decisively" and that users could download a patch to remove Superfish.
Superfish was designed to help users find products by visually analysing images on the web to find the cheapest ones.
Users had initially complained about intrusive pop-up ads appearing on their browsers.
Computer experts later warned that the software was potentially compromising their security.
Superfish appears to work by substituting its own security key for the encryption certificates used by many websites.
This would allow it - or anyone who hacked Superfish - to collect data over secure web connections.