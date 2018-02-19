Video: Fake Meltdown-Spectre patch emails hiding Smoke Loader malware

Intel says it faces 32 class action lawsuits over its handling of the Meltdown and Spectre CPU vulnerabilities.

"As of February 15, 2018, 30 customer class action lawsuits and two securities class action lawsuits have been filed," Intel reported in its 10-K SEC form on Friday.

The customer class action suits represent various end-user groups and are "seeking monetary damages and equitable relief". The suits claim that end users were "harmed by Intel's actions and/or omissions in connection with the security vulnerabilities".

Patently Apple reports that one of the class action lawsuits, filed by the City of Providence, is seeking $5bn from Intel.

Two more securities class action suits represent people who bought Intel stock between July 27, 2017 and January 4, 2018.

These lawsuits "allege that Intel and certain officers violated securities laws by making statements about Intel's products and internal controls that were revealed to be false or misleading by the disclosure of the security vulnerabilities".

Intel said certain members of its board and officers are facing three separate shareholder derivative action suits in relation to alleged insider trading.

"The complaints allege that the defendants breached their duties to Intel in connection with the disclosure of the security vulnerabilities and the failure to take action in relation to alleged insider trading. The complaints seek to recover damages from the defendants on behalf of Intel."

The last three law suits appear to relate to Intel CEO Brian Krzanich selling $24m in stock and options in November, two months before the bugs were publicly disclosed. Google had reported the bugs privately to Intel in June 2017, about four months before Krzanich set up the stock-sale plan.

The Meltdown and Spectre lawsuits have been filed in US courts and courts in other countries. Given that proceedings are in the early stages, Intel says it can't make a reasonable estimate of the potential losses it could face. Additionally, it warned that it may face new lawsuits from other customers and shareholders seeking damages.

Meltdown and Spectre affect processors designs from Arm and AMD too, but only Intel chips are affected by all three variants of the CPU attacks.

Intel's hardware fixes for the CPU vulnerabilities have caused a variety of issues, from unexpected reboots to in some cases data loss.

Intel began supplying fresh updates for Skylake processors last week, which will be delivered as BIOS updates from PC makers. New updates for older chips such as Broadwell and Haswell are also coming.

The company initially said reboots were limited to older chips but later admitted newer chips were also affected and advised PC makers to stop distributing its microcode updates.

Intel notes in its SEC form that "recent publicity regarding side-channel exploits may also result in increased attempts by third parties to identify additional variants".

Indeed, this process is already occurring, with researchers at Princeton and Nvidia revealing last week that they have identified new variants of Meltdown and Spectre that could require chipmakers like Intel to create new hardware mitigations in addition to current fixes.

Intel last week announced a new limited-term bug bounty focusing on side-channel attacks, offering researchers up to $250,000 for new attacks like Meltdown and Spectre.

