Razer finally fixed Intel ME firmware vulnerability on Blade models

Intel Management Engine vulnerability

In February of this year, the Razer Blade series of laptops were exposed to firmware vulnerabilities related to Intel ME. The CVE number was CVE-2018-4251 and was originally discovered on Apple laptops prior to macOS 10.13.5. But because it is part of the Intel motherboard firmware, many vendors’ products have been affected.

As early as last year, Apple has fixed this security hole. However, last month, security researcher Bailey Fox publicly disclosed the vulnerability in the Razer computer. Bailey Fox, who had been struggling for a long time, decided to expose the matter on Twitter to get the company’s attention.

Fox said, “after trying for a month to get this dealt with via HackerOne, I’m bringing this public. All current Razer laptops are shipped in Intel Manufacturing Mode, and have full R/W on the SPI flash. This is a direct repeat of CVE-2018-4251. This is still not fixed.

Razer has been alerted to certain Intel Management Engine vulnerabilities in the Intel chipsets of several Razer laptop models,” a spokesperson told The Register. “To address this issue, Razer laptops will ship from the factory with an update to remove these vulnerabilities. For currently shipped products, Razer has provided a software tool to apply this update.

Via: TechSpot