You get a lawsuit! And you get a lawsuit! And you! Now Apple sued over CPU security flaws

Add Apple to the list of companies facing a legal backlash in the US over the Spectre and Meltdown CPU security fiasco. A 17-page class-action complaint [PDF] – filed earlier this month in a San Jose district court in California – accuses the Cupertino iGiant of failing to keep the Arm-compatible processors in iPhones, iPads, …

  1. Herby

    But will it get fixed?

    Given the amount of sueballs thrown, I suspect the only "fix" to the problem will be in lawyers' pockets. Little (if any) money will be put in the pockets of people who were harmed (assuming they were).

    Answer to the joke "A good start". Joke supplied upon request.

    1. Anonymous Coward
      Anonymous Coward

      Re: But will it get fixed?

      It has already been fixed via an iOS update. Since phones aren't doing the kind of heavy virtualized I/O that can lead to the up to 30% performance penalty observed on x86 cloud servers, there is hardly any performance difference.

      1. Naselus

        Re: But will it get fixed?

        "Since phones aren't doing the kind of heavy virtualized I/O that can lead to the up to 30% performance penalty observed on x86 cloud servers, there is hardly any performance difference."

        Except, conveniently, on the iPhone 6 that Apple would rather you replaced, where you get a mysterious 40% drop in performance. Which is pretty hard to explain, since phones apparently aren't doing the kind of heavy virtualized I/O that you get on x86 cloud servers.

        https://wccftech.com/apple-iphone-6-spectre-patch-speed-hit/

    2. SuccessCase

      Re: But will it get fixed?

      Surely it’s impossible Apple are responsible, when - according to The Register - they only sell rebranded Foxconn phones.

      1. Steve Davies 3 Silver badge

        Re: But will it get fixed?

        You forgot the /s at the end of your post. :) :)

  2. Aqua Marina

    GDPR

    This is the kind of thing likely to attract a big fine from the ICO if it happened in a few months' time. 4% of Apple’s billions is going to hurt.

    1. Destroy All Monsters Silver badge
      Paris Hilton

      Re: GDPR

      Err what? What do GDPR "documented processes about where personal data goes" have to do with anything?

      What ARE you smoking exactly? Must be a black afghan at least?

      1. Aqua Marina

        Re: GDPR

        Specifically, from the article "Apple withheld information on the flaws from customers for months, selling products it knew to be vulnerable to data-theft attacks.".

        The GDPR makes it a data controller's responsibility to ensure that data is held securely. Apple hold lots of personal data in the cloud that they suck up from iPhones. This suckage is enabled by default, so Apple is now the de-facto data controller. Apple products are now vulnerable to data-theft attacks, in other words there is a backdoor into Apple's cloud, in other other words, data is now exposed.

        The ICO doesn't think much of the corporate excuse "we have no evidence that data was stolen", the act of simply exposing data whether it is stolen, viewed or not is considered a data breach.

        1. Aqua Marina

          Re: GDPR

          In fact I'll go one step further and suggest that AWS and Azure should be in the ICO's crosshairs. If they too were aware of this security flaw many months ago, then they have equally exposed data held on their cloud. They have probably no way of knowing if miscreants were firing up AWS and Azure virtual machines then trawling the server's memory using this flaw for anything that could be phished. If they knew about it, kept quiet about it, and didn't have the technical means to monitor that the flaw was not being used, then they have failed in their duty of care to ensure that data is kept separate between instances and have potentially exposed data.

        2. Doctor Syntax Silver badge

          Re: GDPR

          "Apple hold lots of personal data in the cloud that they suck up from iPhones. This suckage is enabled by default, so Apple is now the de-facto data controller."

          You'd have a point if the suit dealt with data taken from the Apple cloud. I may be wrong but I don't think Apple is running that on an array of A6s.

          1. Aqua Marina

            Re: GDPR

            They are running it with unrestricted uploads and downloads from pre-authenticated trusted devices which are susceptible to data theft. Is that enough to get your imagination going thinking about how to exploit it, or shall I get the crayons out?

  3. Anonymous Coward
    Anonymous Coward

    Companies always withhold details of security flaws

    Every time a researcher finds a hole and doesn't release details until the company can fix it, which is the norm for Apple, Google, Microsoft, Intel and so forth, they are selling products they "know are vulnerable."

    The lawsuit is stupid. If the judge found them liable for this the only remedy would be for companies to release details of security flaws the moment they are notified, which would be bad for everyone but the black hats.

    1. Anonymous Coward
      Anonymous Coward

      Re: Companies always withhold details of security flaws

      I agree. These lawsuits should be put to rest - at least until new CPU designs are available.

      Yes this is a major fuck-up, but it has affected everyone, from end users to the manufacturers themselves. What's done is done, the chips are out there and can't be easily replaced. At this point I think the most positive action is to leave the chip manufacturers alone so they can come up with a better design that doesn't have this problem or at least alleviates the performance hit.

      But I suspect they'll be battling legal cases and keeping money aside for that instead of putting it to development of new chips.

    2. Anonymous Coward
      Terminator

      Re: Companies always withhold details of security flaws

      > [ ... ] the only remedy would be for companies to release details of security flaws the moment they are notified, which would be bad for everyone but the black hats.

      That's not exactly true.

      Binary blob patches can be issued ahead of the vulnerability disclosure. This happens all the time.

      Apple could have easily and quietly pushed an iOS update between June 2017 and January 2018, which is when Spectre and Meltdown were publicly disclosed by Google. They had no problem quietly pushing iOS updates that slowed down older iPhone models.

      Ahem, cough, sorry, I mis-spoke. The latter iOS updates provided iPhone users with an enhanced and magical iPhone experience, and were not at all part of Apple's planned obsolescence strategy.

      Apple chose not to do so for Meltdown and Spectre, and so did Intel, AMD, etc. They would have sat pretty on Meltdown and Spectre and done nothing. It was Google's disclosure that forced their hand.

      Disclaimer: I am not a Google fanboi by any stretch of imagination.

      1. Kevin Fairhurst

        Re: Companies always withhold details of security flaws

        If Apple had pushed a fix secretly, the black hats, hackers and others who constantly look for exploits in iOS would have found it by doing a diff between the two versions.

        They’d then have known about the issue, and would have looked to exploit it. Whether they’d have realised it was a fundamental hardware design issue, and thus moved the exploit across to desktops, who knows...

        1. Anonymous Coward
          FAIL

          Re: Companies always withhold details of security flaws

          > [ ... ] They’d then have known about the issue, and would have looked to exploit it. Whether they’d have realised it was a fundamental hardware design issue, and thus moved the exploit across to desktops, who knows...

          That makes absolutely no sense whatsoever. You are arguing that not patching the vulnerability for 6+ months - while pretending it didn't exist - was a better approach than patching it as soon as it was known and a mitigation patch was available.

          Also, you seem to severely underestimate the difficulty of reverse-engineering the root cause of a vulnerability by comparing the binary diffs between two or more different versions of binary code.

          For example, in the case of Meltdown, there are a number of perfectly valid reasons why kernel mapping should be moved to its separate and inaccessible address space, and these reasons have nothing to do with Meltdown or any other potential side-channel attacks.

          TV shows with teenage-aged hackers wearing hoodies and hacking into NSA from a laptop with stickers are not an accurate description of vulnerability reverse-engineering or penetration testing. You should stop watching these shows. Reality is nothing remotely close to that.

      2. Anonymous Coward
        Anonymous Coward

        How would binary blob patches prevent this lawsuit?

        Ignoring the fact that all iOS updates are "binary blob patches" since iOS isn't open source...

        They are suing because Apple knew about the flaw and continued selling products despite that knowledge. Between the time they were notified of the flaw and the time they released a fix (whether it is a binary blob patch or an update that includes full source code as in the case of Redhat) they were knowingly selling iPhones etc. that incorporated the flaw. That's the (stupid) basis of this lawsuit.

        Unless the security researchers who find the flaw somehow prepare a binary blob patch themselves and give it to Apple - which Apple immediately releases as an update without taking any time to test it - there would be a window where Apple knew of the flaw but continued selling products. I guess every time they are notified of a flaw they could pull all products from the shelves and quit selling them online, but you'd find it pretty hard to buy a cell phone, computer, TV, wireless router, car or pretty much any product that runs software since they'd be off the market pretty much 100% of the time if they were forced to adopt this policy to avoid lawsuits!

        1. Anonymous Coward
          Terminator

          Re: How would binary blob patches prevent this lawsuit?

          They are suing because Apple knew about the flaw and continued selling products despite that knowledge.

          Apple is being sued because (a) they knew about the flaw as early as June 2017 and (b) they did nothing about it and (c) they continued to sell a known defective product that (d) potentially exposes the users of said product to loss of personally identifiable information and/or involuntary disclosure of statutorily protected private information.

          (a), (b) and (c) are violations of implied warranty laws in several US States. (d) is a violation of privacy laws in several US States. In the particular case of medical information, it's a Federal violation.

          If your car started broadcasting the results of your latest blood tests, complete with full legal name, birth date, full address, social security number, would you be just as ambivalent about the car manufacturer having any liability in the unauthorized disclosure of your personal and statutorily protected information?

          Had Meltdown - at least - been patched in a reasonably quick timeframe after June 2017, when Apple first learned about the vulnerability, Apple would have had an out: "we patched the vulnerability as soon as we learned about it". Right now, they have none, because they did absolutely nothing for 6+ months, while continuing to sell defective products.

          1. Adam 52 Silver badge

            Re: How would binary blob patches prevent this lawsuit?

            "they continued to sell a known defective product"

            This, I think, is the argument I find most compelling.

            Suppose you knowingly sold cars that had higher emissions than you pretended in your brochure and had to modify them later. You might find your employees being prosecuted and your company sued. Watch out low-level Intel engineers.

          2. Pascal Monett Silver badge

            Nonsense

            Apple is being sued because lawyer sharks smell blood in the water, so they strike.

            Intel has acknowledged the fault, as have other chip makers. If there is anyone to be sued, it's them.

            Suing Apple is just because everyone knows that Apple has more money than it knows what to do with.

      3. Doctor Syntax Silver badge

        Re: Companies always withhold details of security flaws

        "Binary blob patches can be issued ahead of the vulnerability disclosure. This happens all the time."

        Yes. They can be issued ahead of the disclosure but this requires time for development and testing. The complaint seems to be that the disclosure wasn't made immediately, neglecting the time needed to do things right.

        The correct procedure must surely be that the finder of the vulnerability discloses it confidentially to the vendors who then work out mitigations which can be released along with the disclosure. Anything else gives the opportunity for malware to be developed and released first. Given that we're dealing with kernel level stuff here errors in the patches can have effects on users right across the board so thorough testing and optimisation is going to be needed before release. Malware developers aren't going to face such constraints and would probably win the race. There is, in this particular instance, a real but limited cause for complaint - the BSD authors weren't included in the initial confidential disclosure.

    3. Anonymous Coward
      Anonymous Coward

      Re: Companies always withhold details of security flaws

      [insert company name here] is caught between a rock and a hard place.

      - Release the details when you get them and get sued when the bad guys exploit it because you have not kept the details quiet until you have a fix

      - Keep quiet until you have a fix and get sued for not telling the world and their flea ridden dogs about the exploit. sued for not telling the world about the vulnerability.

      America 2018, where you are advised to pay $100 to a lawyer every time you want to cross the road in case you have an accident that is clearly avoidable with a bit of common sense. {or something equally as stupid as that}

      - As for Apple getting sued for slowing down their processors, AFAIK, they never release performance data for the ARM based CPUs used in their iThings. These lawsuits only have benchmarks produced by third parties to go on. I wonder if that is Apple's get out of jail card?

      Naturally, they could allow the idiots/dumb-asses that use their crap to switch off the protection for these exploits but then when those idiots are exploited Apple will get sued again.

      Perhaps it is time for Apple to just say, enough and shut up shop? There will be cheering from many here if they did but eventually, the legal cost of doing business will hit their bottom line and the stock will tank. I can't decide if this is a good thing or not. Sometimes Apple are as good as MS is at shooting themselves in the foot but with these cases, I wish the people sued would have to carry the costs of their failed suit. That might... nah it won't. Stop dreaming.

      Sue the living daylights out of everyone including the company cleaning the toilets at Apple because they are all liable for this!

      1. Anonymous Coward
        Mushroom

        Re: Companies always withhold details of security flaws

        The Apple fanbois have awakened.

        <SARCASM>

        In case it isn't clear yet: Apple's handling of Meltdown and Spectre is exquisite, outstanding and magical. In a class of its own.

        The fact that Apple - and others - kept shtum for 6+ months about two severe vulnerabilities to side-channel attacks, and had no intention whatsoever of doing anything about them until the cover was blown, is a model for all of us. Apple did nothing wrong.

        In Apple's reality distortion field, Meltdown and Spectre and the iPhone slowdown patches are the lawyers' fault.

        </SARCASM>

        1. Anonymous Coward
          Anonymous Coward

          @ST Re: Companies always withhold details of security flaws

          The information was planned to be publicly announced at CES, but people saw the footprints in Linux patches and figured it out early. Apple, Intel et al weren't conspiring to keep this a secret forever, just for a couple weeks longer than it was.

          What's your alternative, to announce details of it before anyone has patches to mitigate it ready so attacks can begin? Should vendors not coordinate, and instead make a mad rush to release patches as quickly as possible (and hope they don't break stuff) because they are worried someone else might beat them to it? Sounds like a high tech game of chicken.

          1. Anonymous Coward
            Terminator

            Re: @ST Companies always withhold details of security flaws

            > What's your alternative, to announce details of it before anyone has patches to mitigate it ready so attacks can begin?

            No, I already outlined the reasonable alternative: patch it as soon as technically sound and feasible while keeping the information about the vulnerability under embargo.

            How did Google and AWS manage to patch their servers - in December 2017 - a month before the vulnerability was disclosed?

            This wouldn't have been the first instance of handling security vulnerability patches with an information embargo, and it certainly won't be the last. This has been done in the past, many times.

            Please stop confusing the issue.

            Apple isn't being sued because Meltdown and Spectre exist. Apple is being sued because they have known about Spectre and Meltdown since June 2017 at the latest and they did absolutely nothing about either until the vulnerabilities were publicly exposed.

            1. Matthew 17

              Re: @ST Companies always withhold details of security flaws

              "Apple isn't being sued because Meltdown and Spectre exist. Apple is being sued because they have known about Spectre and Meltdown since June 2017 at the latest and they did absolutely nothing about either until the vulnerabilities were publicly exposed."

              True but that just shows that the fix took 6 months to write & test and go into production. That's the norm with any security issue that's discovered, you get a 6 month window to fix it before it goes public. These stories only create the panic when it goes over the 6 month period for the fix to be available. For how easy it was to patch would only be known to Apple's developers. There will likely be 100's of other yet to be public security issues they and similar are working on right now.

              1. Anonymous Coward
                Mushroom

                Re: @ST Companies always withhold details of security flaws

                > you get a 6 month window to fix it before it goes public

                Really? Since when? I always thought it was 90 days, not 6 months.

                January 2018 is a loooooooong way away from 90 days since first known, which is, presumably, June 2017.

                You gotta admire the Apple fanbois' logic clusterfuck. Sue Intel, but not Apple!!!! Unfair!!!.

                As if Intel making and selling defective chips is a completely different business than Apple making and selling defective SoC's.

            2. Anonymous Coward
              Anonymous Coward

              @ST are you being obstinate or are you just a moron?

              Apple had already released the iOS updates that fixed this PRIOR to the early disclosure, so saying "they didn't absolutely nothing about neither until the vulnerabilities were publicly exposed" is 100% wrong. Shouldn't all the downvotes without any upvotes your posts are receiving be a clue?

              1. Anonymous Coward
                Angel

                Re: @ST are you being obstinate or are you just a moron?

                Thank you for resorting to ad-hominem attacks and name-calling when losing the argument on its merits.

                Well done, Sir. Spoken like a true commentard.

                Here's the thing about downvotes: I don't care. I'm not here to be "popular" or collect "likes". I am here to speak my mind, and quote the facts as they are.

                There's another website where being popular and collecting likes is the main reason for participating: Facebook.

                Get a clue, or STFU.

    4. Naselus

      Re: Companies always withhold details of security flaws

      "The lawsuit is stupid"

      Even I agree on that; and even more so since they're trying to claim damages for products dating back to TEN YEARS before the vulnerability was discovered. That's just absurd.

      I could kinda see a suit arguing that the very newest iPhone models were mis-marketed as 'secure' when Apple already knew about the problem, but even that is tenuous since they were only on sale for a month or two before the patch came out and the vulnerability was zero-day.

      And it's not like the iPhone is primarily marketed as a security product - unlike, say, the Boeing Black or the Turing, which make security the cornerstone of the brand. No-one buys an iPhone for security first and foremost, since there's much more secure phones available at much lower costs. iPhones have pretty good security features for a consumer product, but they're still just a consumer item, so it's always going to be best endeavors.

    5. Doctor Syntax Silver badge

      Re: Companies always withhold details of security flaws

      "which would be bad for everyone but the black hats."

      And lawyers. Don't forget the lawyers. Their children need to eat.

  4. Neoc

    Well, that's going to get objected to real quick. "...since 2007"? Not likely. As much as I don't like Apple, they should only be responsible for products sold since they were aware of the problem. And that'll be a much harder date to pin down.

    1. Anonymous Coward
      Anonymous Coward

      "responsible for products sold since they were aware of the problem"

      So are you saying you think Apple should be responsible for products they sold after they became aware of the problem but before the fix was available? What should they have done, taken iPhones off the market during that time? Do you say that just about this particular flaw (and if so, why?) or about ANY sort of 0 day found against iOS?

      If so, should Intel have pulled all their CPUs off the market - with no explanation - last June when they became aware of this, until patches for all operating systems were ready? When someone finds a 0 day on Windows, should Microsoft contact Dell, HP, Lenovo and so forth and order them to quit selling PCs and servers until they have a fix?

      As for the date, that would be trivial to pin down. Apple will know when they were contacted about it, and whoever contacted them (the original bug discoverer, Intel, not really sure who that was) will also know. That would be easily learned during the discovery phase during the trial process. I suppose you could argue that the correct date is when they did some testing and became certain their SoCs were vulnerable, rather than when they were notified "here's a problem with Intel CPUs, and maybe you want to check your own".

      1. Anonymous Coward
        Terminator

        Re: "responsible for products sold since they were aware of the problem"

        > What should they have done, taken iPhones off the market during that time?

        That's a bullshit argument, and you know it's bullshit.

        In Apple's case, how about having a patch ready on August 1, 2017? What would that have done for the users?

        After August 1, 2017, any user of a brand new iPhone would have gotten the patch the moment they activated their brand new iPhone. Any existing user of an iPhone would have gotten the patch as a normal iPhone update.

        August 1, 2017 sounds responsive and reasonable to me. Waiting until January 4, 2018 does not. It sounds a lot like "shit, the cat's out of the bag, now we really have to deal with this".

        The story with CES is pure bullshit too. Security vulnerabilities aren't patched according to the schedule of marketing trade shows. I'm pretty sure you know that too.

        1. Warm Braw

          Re: "responsible for products sold since they were aware of the problem"

          how about having a patch ready on August 1, 2017?

          How about having the Midland Metropolitan Hospital open next week? And maybe a Mars base by the end of March?

      2. Naselus

        Re: "responsible for products sold since they were aware of the problem"

        "What should they have done, taken iPhones off the market during that time?"

        This argument would have more weight if they hadn't launched and marketed several brand-new models in the time between learning of the vulnerability and implementing a fix for it. These would not have required pulling from the shelves, could have been pushed back a month or two so they were shipped post-patch, and were being sold with a significant flaw which the vendor was aware of but the customer was not.

        That does provide feasible grounds for legal action:

        a) Apple knew that both the 8 and the X had a severe security flaw

        b) Apple had a timetable for when they were going to fix said flaw, or at least knew when it was going public

        c) Apple were aware that the fix for the flaw would impact on performance (even if only a little) and yet

        d) Apple chose to push ahead with the launch prior to the fix in order to benefit from the Christmas sales period.

        A decent lawyer could spin that to win some damages, since the sales proposition Apple was offering was inaccurate (either in the level of security claimed to exist in the product, or else in the level of performance of the product, since either one or the other is inaccurate depending on if you deploy the patch or not), Apple knew it was at the time, and Apple took actions which allowed the company to benefit from the information disparity between themselves and the user.

        Fair or not, there's enough there for a good lawyer to argue with and at least get a hearing.

        What I don't see is how any lawyer, no matter how brilliant, could point to an Apple TV purchased in 2010 and claim that somehow the purchaser deserves compensation for a security bug that was discovered outside the useful life of the device. The ridiculous timeframe they're trying to cover makes it obvious this is just ambulance chasers, and amateurish ones at that. I wouldn't be surprised to see this case being thrown out based on the absurdity of the scope.

  5. Anonymous Coward
    Anonymous Coward

    Ambulance chasers

    The thing I love about these ambulance chasers is there has been no impact to them other than exploiting an opportunity to get rich quick. Perhaps they should sue someone driving past them as they could have had an accident and been injured.

    1. Voland's right hand Silver badge

      Re: Ambulance chasers

      Perhaps they should sue someone driving past them as they could have had an accident and been injured.

      Do you realize you are giving them ideas? They read the register - the Intel complaint was quoting El reg verbatim.

  6. a_yank_lurker

    Shysters at work.

    Since the flaws are in the chip design, the chip houses are the correct target for sue balls. Fruit, Slurp, etc might be able to mitigate some of the flaws in the OS but that is more by accident than by design. It is very likely there are a couple of chip faux pas that are not known/announced that cannot be fixed in the OS. But shysters get to do what shysters do.

    1. Anonymous Coward
      Anonymous Coward

      Re: Shysters at work.

      In this case, Apple is both the "chip house" and OS vendor.

      In the case of Intel CPUs, the flaw is mitigated in software so Intel depends on Microsoft, Redhat, Apple and others who sell products incorporating Intel CPUs to make the fixes.

      Google 'Intel errata' and you'll find that every CPU Intel has ever sold has a lengthy list of flaws. Most aren't security issues, are corner cases and so forth but those that can be fixed (and not all can, others are just listed as "here's a bug you have to accept if you buy a Skylake") are all fixed in software. Whether that's a microcode update that is delivered in firmware or a patch, or by an OS workaround, or (in more cases than you'd think) by compilers working around it, Intel can't guarantee the fix since they don't control the software environment of their CPUs.

      Now Google "Apple errata" or "Samsung errata" and you'll find nothing, because Apple and Samsung don't release errata information for their SoCs. And why should they, when they don't sell them on the open market to end users. But you can be sure both do have plenty of errata, because you can't build devices with billions of transistors without having plenty of bugs in your design.

      1. Anonymous Coward
        Devil

        Re: Shysters at work.

        > Apple and Samsung don't release errata information for their SoCs. And why should they, when they don't sell them on the open market to end users

        Really? When someone buys an iPhone or a Galaxy on the open market, there is no Apple or Samsung SoC being sold in that transaction?

        1. Anonymous Coward
          Anonymous Coward

          Re: Shysters at work.

          Not as a separate product no, so they aren't providing you specific information on that. Nor are they providing you specific information on the wifi chip it has, the glass used in the screen or the paint used to silk screen the writing on the back.

          I guess you think Ford is going to give you detailed specs and metallurgical analysis on the pistons in the Mustang you buy?

          1. Anonymous Coward
            Facepalm

            Re: Shysters at work.

            > Not as a separate product no, so they aren't providing you specific information on that. Nor are they providing you specific information on the wifi chip it has, the glass used in the screen or the paint used to silk screen the writing on the back.

            How is the WiFi chipset relevant to the fact that, when buying an iPhone on the open market, one does buy a defective-by-design SoC from Apple?

            Are you saying that, because the SoC isn't packaged separately from the iPhone, Apple isn't selling it? Or because there's no information about the WiFi chip - which is a patently false assertion - there is no SoC sale? That's a steaming pile of bullshit.

            > I guess you think Ford is going to give you detailed specs and metallurgical analysis on the pistons in the Mustang you buy?

            What does this have to do with Apple?

            And yes, in case a defect is presumed to exist in the manufacturing of pistons on the Ford Mustang, detailed metallurgical analysis of the pistons will be provided. In Apple's case, the defect isn't presumed to exist, it is known to exist.

            What's your point, other than being unable to deal with losing an argument?

            1. Anonymous Coward
              Anonymous Coward

              Re: Shysters at work.

              You must be a lawyer, because only a lawyer would seriously argue liability for a flaw that no one even knew was possible until last year. Suing Apple is small potatoes, you are also arguing for suing Intel and all the major PC suppliers who have known about this flaw since last summer just like Apple, and didn't deliver a fix until recently just like Apple.

              Not to mention suing Samsung, Qualcomm, Google, and other major smartphone brands who also knew about this flaw for months and continued to sell phones and SoCs. The little guys are off the hook since they weren't in the loop until everyone else found out.

  7. Updraft102

    "Defendant has admitted that it released an update to its iOS operating system software to address the Meltdown technique in December, 2017, but Apple knew or should have known of the design defect much earlier and could have disclosed the design defect more promptly."

    So you're suggesting that Apple should be liable for all of the damage the Spectre and Meltdown vulnerabilities have triggered in that six months between discovery of the issue and the issuance of the fixes?

    Sounds fair. Easy too, given that even now, halfway through the next month, there still haven't been any attacks using Spectre or Meltdown in the wild. Getting that $0 judgment should be easy, but the lawyers aren't going to be happy with their 30% of that.

  8. Korev Silver badge
    Coat

    Disappointment

    No joke about the "Long Arm of the law"?

  9. Daniel Hall
    Pint

    Sign off

    Your sign off:

    "Apple did not return a request for comment on the suit."

    Might as well be added to every single Apple story you do lol

  10. Ryan Kendall

    Apple Joke

    What makes me laugh is the thought that a mobile device was 'secure' in the first place.

    The moment you install any apps, it's gone forever

  11. hj
    Devil

    and one count of unjust enrichment

    Yes, the one the ambulance chasers are trying to get...

    Icon, because of said chasers...

  12. schaafuit
    FAIL

    wishful thinking

    All those defenses of 'embargoes' and 'responsible disclosure' make me quite ill. And it's simple to explain why: it's self-deception, wishful thinking. To begin w/, how do we even know that at least *some* crackers didn't already figure this out in 1995, when the bugs were allegedly introduced?

    It's IMO better to be aware of the dangers, even if, at the time, we can't do a fsck about them. Instead of going along with this 'responsible disclosure' poop that is essentially just a PR exercise to cover up for corporate (and communal) failings. Ugh.

  13. Anonymous Coward
    Anonymous Coward

    Unapologist

    This is groundless, since the processors were working as designed (see Intel's reaction).

    These three CVEs were only disclosing how external designers (malware writers) were circumventing the precautions taken. Similar to suing a tire manufacturer if driving over a spike punctures the tyre (or tire).

    I don't even know why this was worth trying.
