http://ift.tt/1ZNziIk Apple faces its first legal action over Meltdown and Spectre
in the United States, even though the vulnerabilities were found to affect nearly all computers and other devices
, according to court documents reviewed by MacRumors.
Meltdown and Spectre are serious hardware-based vulnerabilities that take advantage of the speculative execution mechanism of a CPU, allowing hackers to gain access to sensitive information. All modern Intel, ARM, AMD, and Nvidia processors are affected, with many patches and mitigations already released.
Anthony Bartling and Jacqueline Olson filed a class action complaint against Apple last week in a U.S. district court in San Jose on behalf of anyone who purchased a device with an ARM-based processor designed by Apple, ranging from the A4 to A11 Bionic chips used in iPhone, iPad, iPod touch, and Apple TV models.
The complaint alleges that Apple has known about the design defects giving rise to the Meltdown and Spectre vulnerabilities since at least June 2017, and could have disclosed details to the public more promptly.
An excerpt from the complaint:
ARM Holdings PLC, the company that licenses the ARM architecture to Apple, admits that it was notified of the Security Vulnerabilities in June 2017 by Google’s Project Zero and that it immediately notified its architecture licensees (presumably, including Apple) who create their own processor designs of the Security Vulnerabilities.
The complaint added that it is unlikely Apple would be able to fully and adequately release fixes for Meltdown and Spectre without the performance of its processors decreasing by between five and 30 percent.
Apple addressed Meltdown in macOS High Sierra 10.13.2 and iOS 11.2, while Spectre mitigations were introduced in a macOS 10.13.2 supplemental update and iOS 11.2.2, both of which were released early last week. The vulnerabilities have also been addressed in older versions of macOS and OS X.
Despite one claim that Apple’s patch for Spectre resulted in a significant performance decrease on one developer’s iPhone 6s, Apple said its testing indicated that the Safari-based mitigations had no measurable impact on its Speedometer and ARES-6 tests and an impact of less than 2.5 percent on the JetStream benchmark.
The complaint expects at least 100 customers to be part of the proposed class, with the combined sum of compensatory and punitive damages expected to exceed $5 million if the case proceeds to trial.
A group of Israelis have filed a request with the Haifa District Court to file a class action lawsuit against Apple, Intel, and ARM over Meltdown and Spectre as well, according to local news publication Hamodia.
iPhone Slowdown Lawsuits Continue to Mount
Apple continues to face an increasing number of lawsuits that either accuse the company of intentionally slowing down older iPhones, or at least of failing to disclose power management changes it made starting in iOS 10.2.1.
In the United States, the iPhone maker now faces at least 39 class action complaints as of January 15, according to court documents compiled by MacRumors. Additional lawsuits have been filed in France, Israel, Russia, Korea, and Vietnam, with another pending in Canada, bringing the total to 45.
Many of the lawsuits demand Apple compensate all iPhone users who have experienced slowdowns, offer free battery replacements, refund customers who purchased brand new iPhones to regain maximum performance, and as Apple has already promised, add more detailed info to iOS about a device’s battery health.
We’ve already answered many frequently asked questions about Apple’s power management process, and covered the issue extensively, so read our past coverage for more information about the matter.
Discuss this article in our forums