You get a lawsuit! And you get a lawsuit! And you! Now Apple sued over CPU security flaws

iGiant up next in the Meltdown-Spectre-sueball-a-palooza

Apple iPod touch

Add Apple to the list of companies facing a legal backlash in the US over the Spectre and Meltdown CPU security fiasco.

A 17-page class-action complaint [PDF] – filed earlier this month in a San Jose district court in California – accuses the Cupertino iGiant of failing to keep the Arm-compatible processors in iPhones, iPads, and Apple TVs secure as advertised.

The claim does not cover the Intel-powered Macs Apple sells, which are also affected by Meltdown and Spectre. Chipzilla is separately fending off class-action claims over those CPU blunders.

The complaint, which cites The Register's original report on the processor industry's design cockups, claims Apple withheld information on the flaws from customers for months, selling products it knew to be vulnerable to data-theft attacks. Starting with the A6 chip in 2012's iPhone 5, Apple has designed and shipped its own custom Arm-compatible processor cores, meaning Cupertino had a hand in introducing insecurities into its silicon.

AMD CEO Lisa Su speaking at the firm's 2015 financial analyst day

Sueball smacks AMD over processor chip security flaw silence

READ MORE

On January 9, Apple finally confirmed that its Arm and x86-64 based gizmos and Macs running iOS, macOS, and tvOS were affected by Meltdown and Spectre to varying degrees. These security holes in the chip hardware can be exploited by malware and hackers to extract passwords and other sensitive information out of at-risk computers and handhelds.

Apple, and other manufacturers, were privately tipped off about the design weaknesses by Google researchers during summer last year.

"Based upon information and belief, defendant [Apple] has known about the design defect giving rise to the security vulnerabilities since at least June, 2017," the suit – filed by Anthony Bartling and Jacqueline Olson – claimed.

"Defendant has admitted that it released an update to its iOS operating system software to address the Meltdown technique in December, 2017, but Apple knew or should have known of the design defect much earlier and could have disclosed the design defect more promptly.

"Even after it was aware of the security vulnerabilities, Apple continued to sell and distribute iDevices without a repair or having made a disclosure about the Apple processor security vulnerabilities. The iDevices it sold and distributed were not of the quality represented and were not fit for their ordinary purposes."

The suit seeks a damage payout for everyone who purchased an iPhone, iPad, or AppleTV since 2007, with two named plaintiffs in New Hampshire and New York also seeking damages under state laws.

The filing alleges two counts of breach of warranty (implied and express), one count of negligence, one count of unjust enrichment, and violations of New Hampshire's Consumer Protection Act and New York's General Business Law.

Apple did not return a request for comment on the suit. ®




Biting the hand that feeds IT © 1998–2018