Intel has confirmed that it has been hit with 32 class-action lawsuits over Spectre and Meltdown vulnerabilities. One class-action, filed by the City of Providence, demands $5 billion.
In a statement, Intel said, “30 customer class-action lawsuits and two securities-class action lawsuits have been filed. The customer class-action plaintiffs, who purport to represent various classes of end users of our products, generally claim to have been harmed by Intel’s actions and/or omissions in connection with the security vulnerabilities and assert a variety of common law and statutory claims seeking monetary damages and equitable relief. The securities class action plaintiffs, who purport to represent classes of acquirers of Intel stock between July 27, 2017 and January 4, 2018, generally allege that Intel and certain officers violated securities laws by making statements about Intel’s products and internal controls that were revealed to be false or misleading by the disclosure of the security vulnerabilities.”
Attacks exploiting the flaws could be used to recover encryption keys, passwords and other data stored in memory.
“Intel’s microprocessor chips are defective because they possess significant security vulnerabilities that, if exploited, permit an adversary to access sensitive data stored elsewhere on the machine or in the cloud,” the complaint said.
Intel isn’t the only company to manufacture CPUs that are vulnerable to these flaws. Some of the CPUs built by Advanced Micro Devices have the Spectre vulnerability. ARM has confirmed that three of its cores have some or all of the vulnerabilities.
Intel, ARM and Advanced Micro Devices (AMD) have all been hit with class-action lawsuits over the flaws in the U.S. and overseas.
The U.S. District Court of Northern California last month accused AMD of deceiving shareholders when it reported there was “near zero risk” of its chips being susceptible to the Spectre flaw. Eight days later, AMD reversed its statement.
