Connect with us

Hi, what are you looking for?



Lawsuits Filed Against Intel Over CPU Vulnerabilities

At least three class action lawsuits have been filed against Intel in the past days over the recently disclosed vulnerabilities that could allow malicious hackers to obtain potentially sensitive information from computers.

At least three class action lawsuits have been filed against Intel in the past days over the recently disclosed vulnerabilities that could allow malicious hackers to obtain potentially sensitive information from computers.

The Meltdown and Spectre attack methods uncovered by several independent research teams work not only against Intel processors, but also against CPUs from AMD and ARM. Intel has been hit the hardest – even its stock went down after initial reports claimed only Intel processors were affected – but the company says media reports describing the design flaws are overblown.

The lawsuits, all seeking class action status, have been filed in the Northern District of California, the Southern District of Indiana, and the District of Oregon, and they accuse Intel of violating state consumer protection laws. All complaints demand a jury trial.

In California, Branstetter, Stranch & Jennings of Nashville and Doyle APC of San Diego filed a consumer fraud case, accusing Intel of misleading consumers about the performance and reliability of its processors by selling a product with “fatal” security flaws.

The complaint filed in Indiana alleges that “Intel committed unfair and deceptive acts by representing that the Intel CPUs had performance, characteristics, or benefits which Intel knew or should reasonably have known they did not have.”

The chip giant has also been accused of breaching warranties by selling defective CPUs that it’s not willing to repair or replace free of charge. The Indiana lawsuit also claims the company was negligent in the manufacture and design of its processors.

In Oregon, plaintiffs say they are entitled to restitution based on Intel’s “intentional and knowing failures to disclose material defects.” The complaint claims plaintiffs would have acquired a CPU from an Intel competitor had they known about the flaws and the fact that they will end up with a slower product.

Advertisement. Scroll to continue reading.

The Meltdown and Spectre attacks allow malicious applications to bypass memory isolation mechanisms and access potentially sensitive data, including passwords, photos, documents, emails, and data from instant messaging apps. The bugs that make these attacks possible are said to date back 20 years.

Intel and other major tech companies have started releasing patches and workarounds for the vulnerabilities, and many believe it’s enough for the time being. Some have suggested that Intel may need to recall impacted CPUs, but the vendor says that will not happen considering that the issue can be mitigated at software level.

Significant performance penalties have been observed in some cases, but Intel says most consumers will not experience any problems, and it’s confident that any penalties will be mitigated over time.

AMD has confirmed that some of the flaws also affect its own processors, but claims the risk of attacks is “near zero.” ARM, whose technology is used by Apple and Qualcomm, also confirmed that nearly a dozen of its Cortex CPUs are impacted.

Related: Hackers Expected to Remotely Exploit CPU Vulnerabilities

Related: Industry Reactions to Meltdown, Spectre Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...