Yesterday, Intel expanded its bug bounty program to catch more issues like the extensive Meltdown and Spectre CPU flaws, but that was too little, too late for some chip owners. We knew three class-action lawsuits were filed in early January days after the vulnerabilities were publicized, but according to an SEC filing, the total has grown to 30 multi-party suits by customers and two securities suits. Most argue that Intel violated securities laws when it assured its products were safe to use, which the Meltdown and Spectre flaws revealed to be untrue.
The customer suits are seeking “monetary damages and equitable relief,” though they’re in such early stages that none have specified exact amounts. On top of that, the SEC filing revealed that the company faces two class-action suits from shareholders claiming Intel officials have failed to respond to alleged insider trading, likely referring to Intel CEO Brian Krzanich’s questionably-timed stock sale late last year.
The Meltdown and Spectre flaws were present in CPUs dating back to 1995. Per SEC filing, a Google security team informed Intel about chip vulnerabilities that would later be called Meltdown and Spectre in June 2017. News about the flaws emerged in early January, and Intel rushed out patches, some so crude that the company urged customers not to install them and wait for the next ones. Even as Intel continues to trickle out updates to its different chip lines, researchers keep finding new ways to exploit the vulnerabilities — luckily, they can be patched out, but they would likely be present in the Meltdown-and-Spectre-proof chips Intel claims it’s working on .
Via: The Verge
Source: Intel SEC filing