Fake Meltdown-Spectre patch emails hiding Smoke Loader malware Watch Now

Video: Fake Meltdown-Spectre patch emails hiding Smoke Loader malware

Intel says it faces 32 class action lawsuits over its handling of the Meltdown and Spectre CPU vulnerabilities.

"As of February 15, 2018, 30 customer class action lawsuits and two securities class action lawsuits have been filed," Intel reported in its 10-K SEC form on Friday.

The customer class action suits represent various end-user groups and are "seeking monetary damages and equitable relief". The suits claim that end users were "harmed by Intel's actions and/or omissions in connection with the security vulnerabilities".

Patently Apple reports that one of the class action lawsuits, filed by the City of Providence, is seeking $5bn from Intel.

Two more securities class action suits represent people who bought Intel stock between July 27, 2017 and January 4, 2018.

These lawsuits "allege that Intel and certain officers violated securities laws by making statements about Intel's products and internal controls that were revealed to be false or misleading by the disclosure of the security vulnerabilities".

Intel said certain members of its board and officers are facing three separate shareholder derivative action suits in relation to alleged insider trading.

"The complaints allege that the defendants breached their duties to Intel in connection with the disclosure of the security vulnerabilities and the failure to take action in relation to alleged insider trading. The complaints seek to recover damages from the defendants on behalf of Intel."

The last three law suits appear to relate to Intel CEO Brian Krzanich selling $24m in stock and options in November, two months before the bugs were publicly disclosed. Google had reported the bugs privately to Intel in June 2017, about four months before Krzanich set up the stock-sale plan.

The Meltdown and Spectre lawsuits have been filed in US courts and courts in other countries. Given that proceedings are in the early stages, Intel says it can't make a reasonable estimate of the potential losses it could face. Additionally, it warned that it may face new lawsuits from other customers and shareholders seeking damages.

Meltdown and Spectre affect processors designs from Arm and AMD too, but only Intel chips are affected by all three variants of the CPU attacks.

Intel's hardware fixes for the CPU vulnerabilities have caused a variety of issues, from unexpected reboots to in some cases data loss.

Intel began supplying fresh updates for Skylake processors last week, which will be delivered as BIOS updates from PC makers. New updates for older chips such as Broadwell and Haswell are also coming.

The company initially said reboots were limited to older chips but later admitted newer chips were also affected and advised PC makers to stop distributing its microcode updates.

Intel notes in its SEC form that "recent publicity regarding side-channel exploits may also result in increased attempts by third parties to identify additional variants".

Indeed, this process is already occurring, with researchers at Princeton and Nvidia revealing last week that they have identified new variants of Meltdown and Spectre that could require chipmakers like Intel to create new hardware mitigations in addition to current fixes.

Intel last week announced a new limited-term bug bounty focusing on side-channel attacks, offering researchers up to $250,000 for new attacks like Meltdown and Spectre.

Previous and related coverage

Meltdown-Spectre flaws: We've found new attack variants, say researchers

Intel and AMD may need to revisit their microcode fixes for Meltdown and Spectre.

Linux Meltdown patch: 'Up to 800 percent CPU overhead', Netflix tests show

The performance impact of Meltdown patches makes it essential to move systems to Linux 4.14.

Spectre reboot problems: Now Intel replaces its buggy fix for Skylake PCs

And offers patching tips from US CERT, which it failed to brief on the bugs.

Meltdown-Spectre: Malware is already being tested by attackers

Malware makers are experimenting with malware that exploits the Spectre and Meltdown CPU bugs.

Windows emergency patch: Microsoft's new update kills off Intel's Spectre fix

The out-of-band update disabled Intel's mitigation for the Spectre Variant 2 attack, which Microsoft says can cause data loss on top of unexpected reboots.

Meltdown-Spectre: Why were flaws kept secret from industry, demand lawmakers

Great work on patching your own products, but why were smaller tech companies kept in the dark?

Spectre flaw: Dell and HP pull Intel's buggy patch, new BIOS updates coming

Dell and HP have pulled Intel's firmware patches for the Spectre attack.

Windows 10 Meltdown-Spectre patch: New updates bring fix for unbootable AMD PCs

AMD PCs can now install Microsoft's Windows update with fixes for Meltdown and Spectre and the bug that caused boot problems.

Meltdown-Spectre: Intel says newer chips also hit by unwanted reboots after patch

Intel's firmware fix for Spectre is also causing higher reboots on Kaby Lake and Skylake CPUs.

26% of organizations haven't yet received Windows Meltdown and Spectre patchesTech Republic

Roughly a week after the update was released, many machines still lack the fix for the critical CPU vulnerabilities.

Bad news: A Spectre-like flaw will probably happen again CNET

Our devices may never truly be secure, says the CEO of the company that designs the heart of most mobile chips.