Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Intel faces trio of class action lawsuits over Meltdown & Spectre security holes

Last updated

Intel is staring down class action lawsuits in California, Indiana, and Oregon over the Meltdown and Spectre vulnerabilities exposed in modern processors, which can be used to access restricted memory in unpatched devices.

The suits, seen by AppleInsider, were filed in California, Indiana, and Oregon. One common thread through each is the delay between when researchers brought the issue to Intel's attention in June and its January disclosure. Another is the potential slowdown caused by available software fixes, though Intel has previously insisted that any performance hits are "workload-dependent" and "should not be significant" for the average person. The company is also promising to lessen the impact in future updates.

The California suit alleges that users have caused class members to "lose money and property by being overcharged for and paying for the defective CPUs. Similarly, the Oregon-based suit alleges that users "suffered an actual ascertainable loss of the purchase price they paid for their microchip" and purports that had the flaw been known earlier that a purchase from a competitive vendor would have been likely.

California's suit is case 5:18-CV-00046. Indiana's and Oregon's are 1:18-cv-00029 and 6:8-cv-00028 respectively.

The Indiana suit leans on degradation of CPU performance with any fixes to be applied. It alleges that class members suffer from a choice of buying a new computer with a processor that does not contain the flaw or must continue to use a computer "with massive security vulnerabilities or one with significant performance degradation."

Meltdown and Spectre exploit a feature in Intel and ARM processors called "speculative execution," which calculates multiple instruction branches simultaneously, predicting which one is most likely to be used. Meltdown mainly affects Intel chips, dating as far back as 1995.

On Thursday Apple acknowledged that while iOS 11.2, macOS 10.13.2, and tvOS 11.2 included fixes to protect against Meltdown, it still has more work to do, including patching watchOS and Safari to defend against Spectre. Further updates should be available in a matter of days.

Intel and ARM-based chip designs are ubiquitous in the technology industry, used in the majority of computers, phones, tablets, and wearables. Apple relies on Intel CPUs for Macs, and ARM technology for the A- and S-series chips found in iPhones, iPads, iPods, and Apple Watches.



9 Comments

tzm41 8 Years · 95 comments

It's worth acknowledging that AMD processors are also vulnerable to the Spectre exploit.

lkrupp 19 Years · 10521 comments

tzm41 said:
It's worth acknowledging that AMD processors are also vulnerable to the Spectre exploit.

The CEO of AMD was interviewed on CNBC this morning. She tiptoed around the Meltdown flaw without claiming that AMD was immune but made it clear AMD was better prepared to handle it. She admitted that AMD was vulnerable to Spectre and then spun it on the operating system vendors to fix.

mknelson 9 Years · 1148 comments

lkrupp said:
The CEO of AMD was interviewed on CNBC this morning. She tiptoed around the Meltdown flaw without claiming that AMD was immune but made it clear AMD was better prepared to handle it. She admitted that AMD was vulnerable to Spectre and then spun it on the operating system vendors to fix.

https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/

Interesting read from last Friday - Ars take on the responses from Intel, AMD, and ARM.