Skip to main content
  1. Home
  2. Computing
  3. News

Security vulnerability leaves Razer laptops vulnerable to hacks

By
Razer Blade Stealth 2019
Dan Baker/Digital Trends

Some of Razer’s gaming laptops are currently impacted by a vulnerability that could leave the devices open to attacks. As reported by The Register, a security vulnerability in the Intel processors on Razer laptops was first discovered by a security expert in late March — and could mean that hackers might be able to implant malware and cause harm to affected systems.

A similar vulnerability to the one impacting Razer laptops — code-named CVE-2018-4251 — had previously been discovered in Apple laptops. In that case, Apple failed to disable what is known as Intel Manufacturing Mode on the system motherboard before sending systems off to consumers. Patches, however, were eventually released in late October to address the issue.

Recommended Videos

A similar problem also now applies to Razer laptops as, unlike Apple, the company apparently failed to initially spot or patch the vulnerability. It means that hackers who already hold administrative privileges could have the potential to modify the firmware on Razer gaming systems to infect with malware as they see fit. Hackers also could also change the firmware versions on the machines to hide malicious viruses, or even initiate the impacts from Meltdown vulnerability found in Intel’s chipsets. In both cases, any attacks from hackers would also be hard to spot by antivirus software — or even remove it.

Please enable Javascript to view this content

“Razer has been alerted to certain Intel Management Engine vulnerabilities in the Intel chipsets of several Razer laptop models. To address this issue, Razer laptops will ship from the factory with an update to remove these vulnerabilities,” Razer said in a statement.

According to Razer, products impacted by this vulnerability include the Base model of the 2018 Razer Blade 15, and also the 2018 and 2019 Razer Blade Advanced. Another model impacted is the 2018 Razer Blade Stealth 13. A software tool is being provided to apply an update to patch the issue with the Intel Management Engine, and it is being recommended for concerned users to approach Razer support for any assistance.

Razer is not alone when it comes to security vulnerabilities. Previously in 2016, a security researcher identified a Unified Extensible Firmware Interface (UEFI) bug in Lenovo’s ThinkPad System Management Mode (SMM) that would allow an attacker to bypass Windows’ security protocols.

Updated on April 3, 2019: Added a statement from Razer, link to the software tool, and more information on impacted models 

Editors’ Recommendations

Topics
Arif Bacchus
Arif Bacchus
Former Digital Trends Contributor
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
You definitely want to install these 90 Windows security patches
Microsoft Surface Laptop Go 3 rear view showing lid and logo.

Microsoft has issued security updates to address 90 vulnerabilities, some of which hackers are actively exploiting, in a blog post yesterday. These flaws allow hackers to bypass security features and gain unauthorized access to your PC's system, highlighting the need to keep your Windows computer updated.

Nine are rated Critical, 80 of the flaws are rated Important, and only one is rated Moderate in severity. In addition, the software giant has patched 36 vulnerabilities in its Edge browser in the past month to avoid issues with its browser. Users will be happy to know that the patches are for six actively exploited zero-days, including CVE-2024-38213. This lets attackers bypass SmartScreen protections but requires the user to open a malicious file. TrendMicro's Peter Girnus, who discovered and reported the flaw, proposed it could be a workaround for CVE-2023-36025 or CVE-2024-21412 that DarkGate malware operators misused.

Read more
Google is cracking down on internet security in this big way
Connection is not private warning from Google.

Google is making some serious changes to digital certificate security on the web, the company announced on its Security blog. The big news is that Google will no longer trust certificates from two large security firms -- Entrust or AffirmTrust -- due to repeated security lapses.

According to Google, the companies, which are Certificate Authorities (CA), have demonstrated patterns of unmet improvement commitments, compliance failures, and no measurable progress in how fast the company responds to publicly disclosed incident reports.

Read more
Your PC’s security is being attacked on two new fronts
Person using Windows 11 laptop on their lap by the window.

Your PC is facing a double whammy of cyber threats, both of them built into basic Windows features -- one that exploits Windows search and another a Wi-Fi vulnerability.

The first vulnerability allows hackers to exploit search in what researchers have called a "clever" way, as reported by Trustwave. It begins when users are tricked into downloading malware, starting with phishing emails with malicious .ZIP attachments containing HTML files disguised as invoices or something along those lines.

Read more