Intel hit with multiple lawsuits over Meltdown, Spectre bugs

By on
Intel hit with multiple lawsuits over Meltdown, Spectre bugs

Intel is facing three class-action lawsuits as the company continues to grapple with fallout after it acknowledged its chips were vulnerable to two massive security bugs.

The three complaints, which were filed in the days after revelations that Intel chips are vulnerable to these security bugs, cite Intel's "failure to disclose" the security vulnerability in a timely fashion.

"Intel has been aware of a material defect in its microchips that leaves its customers susceptible to unauthorised access by hackers… Intel knew of the material defect in its microchips and intentionally chose not to disclose the defect to its customers. Intel’s material defect can be patched — but patched computers, smartphones and devices suffer reduced performance," stated one of the lawsuits, filed in the District of Oregon.

Intel declined to comment on the lawsuits.

The flaws, called Spectre and Meltdown, potentially could enable hackers to extract protected data such as passwords and encryption keys.

Patches either already have been released or are being rushed out by Intel as well as OS and cloud providers including Microsoft, Google, Amazon and Apple.

However, the three plaintiffs allege that these patches of the security issues on their systems will slow down their system performance.

Intel, for its part, has said it already has issued updates for the majority of processors introduced in the past five years. The company said by the end of next week it "expects to have issued updates for more than 90 percent of processor products introduced within the past five years".

Furthermore, Intel said that the security issues are not from the processor designs themselves, but in the approach that researchers used to compromise a system.

"Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively," the company said in a statement.

Furthermore, the three lawsuits cite not just the security vulnerability itself, but also Intel's failure to disclose these vulnerabilities. 

Intel was informed by Google about the vulnerability in June and In November Intel CEO Brian Krzanich cashed out US$24 million worth of stock in the company, according to a report by Business Insider.

Intel, for its part, told Business Insider that the sale was part of a standard stock-sale plan and had nothing to do with the disclosed chip vulnerability.

This article originally appeared at crn.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © 2018 The Channel Company, LLC. All rights reserved.
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

The channel is a juicy hacking target - are you improving security?
YES - recent attacks on MSPs spurred us to action
YES - we're ALWAYS improving our security stance
YES - we've noticed new forms of attack
NO - we're confident our past efforts are enough, but are always vigilant
NO - we don't see the need for change at this time
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?