In February of this year, the Razer Blade series of laptops were exposed to firmware vulnerabilities related to Intel ME. The CVE number was CVE-2018-4251 and was originally discovered on Apple laptops prior to macOS 10.13.5. But because it is part of the Intel motherboard firmware, many vendors’ products have been affected.
As early as last year, Apple has fixed this security hole. However, last month, security researcher Bailey Fox publicly disclosed the vulnerability in the Razer computer. Bailey Fox, who had been struggling for a long time, decided to expose the matter on Twitter to get the company’s attention.
@Razer @RazerSupport After trying for a month to get this dealt with via HackerOne, I'm bringing this public. All current Razer laptops are shipped in Intel Manufacturing Mode, and have full R/W on the SPI flash. This is a direct repeat of CVE-2018-4251. This is still not fixed.
— fox8091 (@fox8091_1) March 21, 2019
Fox said, “after trying for a month to get this dealt with via HackerOne, I’m bringing this public. All current Razer laptops are shipped in Intel Manufacturing Mode, and have full R/W on the SPI flash. This is a direct repeat of CVE-2018-4251. This is still not fixed.”
Hey! Thanks for mentioning us. Our Systems Team would like to check on this. Could you please tell us more about the challenges with your Razer laptop via DM and we'll take it there.
— RΛZΞR Support (@RazerSupport) March 21, 2019
“Razer has been alerted to certain Intel Management Engine vulnerabilities in the Intel chipsets of several Razer laptop models,” a spokesperson told The Register. “To address this issue, Razer laptops will ship from the factory with an update to remove these vulnerabilities. For currently shipped products, Razer has provided a software tool to apply this update.”