Apple Faces Meltdown & Spectre Class Action Lawsuit
Class action lawsuit alleges that Apple hasn’t done enough to secure its products, which are not fit for purpose as a result
Apple is facing a class action lawsuit in the US over the industry-wide chip vulnerabilities known as ‘Meltdown’ and ‘Spectre’.
Essentially, the vulnerabilities affect the kernel of the chips and could allow an attacker to read information that should otherwise be inaccessible. This means an attacker could obtain passwords, encryption keys or steal information from other applications.
Chips made by Intel, AMD and ARM manufacturers are all affected, meaning all manner of devices are implicated.
Meltdown & Spectre Apple
This includes iPhones, iPads and Apple TV devices powered by Apple’s processor technology, which is built on ARM’s designs.
Apple confirmed iOS, tvOS and macOS were all vulnerable and has released mitigations. It is worth noting that the Mac and the Intel chips used to power the computers are not directly addressed in this lawsuit, although Intel itself is facing legal action.
Lawyers allege that Apple has known about the bugs in June and that fixes released for Meltdown so far have impacted performance. Furthermore it is claimed that Spectre has still not been sufficiently patched and there is no indication what effect that could have on the devices in question.
Had customers known this information, it is argued, they would not have bought the products in question and certainly not for the prices they had paid for them.
“In short, Defendant has not been able to offer an effective repair to its customers. A patch that cuts processor performance is not a legitimate solution, nor is any patch that does not fully eliminate the Security Vulnerabilities that can be exploited by the Meltdown or Spectre techniques,” reads the filing made to the US District Court for the Northern District of California in San Jose.
Silicon has contacted Apple for comment, but earlier this month it said it had no information on the vulnerabilities being exploited in the wild.
Microsoft has already issued an emergency patch for Windows 10, while Google has urged Android users to upgrade to the latest security update.
Public cloud providers, including Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure have also issued guidance to customers in what is arguably an unprecedented incident for the technology industry.