In Wake Of Meltdown And Spectre Bug Debacle, Intel Hit With Multiple Class-Action Lawsuits


Printer-friendly version Email this CRN article

Intel is facing three class-action lawsuits as the company continues to grapple with fallout after it acknowledged its chips were vulnerable to two massive security bugs.

The three complaints, which have been filed in the days after revelations that Intel chips are vulnerable to these security bugs, cite Intel's "failure to disclose" the security vulnerability in a timely fashion.

"Intel has been aware of a material defect in its microchips that leaves its customers susceptible to unauthorized access by hackers. … Intel knew of the material defect in its microchips and intentionally chose not to disclose the defect to its customers. Intel’s material defect can be patched — but patched computers, smartphones and devices suffer reduced performance," stated one of the lawsuits, filed in the District of Oregon.

[Related: Cisco Investigating Dozens Of Routers, Switches, Servers That May Be Affected By Spectre, Meltdown Exploits]

Intel, Santa Clara, Calif., declined to comment on the lawsuits.

The flaws, called Spectre and Meltdown, potentially could enable hackers to extract protected data such as passwords and encryption keys.

Patches either already have been released or are being rushed out by Intel as well as OS and cloud providers including Microsoft, Google, Amazon and Apple. However, the three plaintiffs allege that these patches of the security issues on their systems will slow down their system performance.

Intel, for its part, has said it already has issued updates for the majority of processors introduced in the past five years. The company said by the end of next week it "expects to have issued updates for more than 90 percent of processor products introduced within the past five years."

Furthermore, Intel said that the security issues are not from the processor designs themselves, but in the approach that researchers used to compromise a system.

"Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively," the company said in a statement.

Furthermore, the three lawsuits cite not just the security vulnerability itself, but also Intel's failure to disclose these vulnerabilities. 

Printer-friendly version Email this CRN article