Intel hit with three class-action suits over Meltdown and Spectre
Intel slammed for not disclosing the flaws sooner - had 20 years to do so
Semiconductor giant Intel has been hit with three hurriedly launched class-action lawsuits following the disclosure of major flaws in microprocessor architectures disclosed last week.
Hundreds of millions - possibly billions - of devices are believed to be vulnerable to either one or both of the Meltdown and Spectre vulnerabilities, with processor architectures designed by AMD and ARM, as well as Intel, affected.
The flaws potentially enables an attacker to read data in memory that an exploit should not have access to. That could enable passwords and other private data to be gleaned, possibly with little more than Javascript code on a web page, which victims could be lured to.
As yet, though, no exploit has been seen in the wild and operating system makers have been devising patches to mitigate the risks.
Meltdown, according to reports, affects processors made by Intel since 1995, while the Spectre flaw also afffects CPUs designed by AMD and ARM.
Ambulance-chasing lawyers, though, have been unusually quick off the mark, launching class-action lawsuits in California, Oregon and Indiana in the US.
The lawsuits call for compensation from the company and criticise it for keeping the information from the public for months - while operating system manufacturers sought to develop kernel-level mitigations for the security flaws.
Intel has responded by releasing a statement, confirming that "it is aware of the class actions but as these proceedings are ongoing, it would be inappropriate to comment".
However, the cases also note that the patches that operating system vendors have designed could drastically affect performance. Intel denies this, though.
Last week, the company said: "Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time."
Bill Doyle, from Doyle APC, is one of the lawyers. He's representing Steven Garcia and Anthony Stachowiak, who approached a court in northern district of California.
"The security vulnerability revealed by these reports suggests that this may be one of the largest security flaws ever facing the American public," he claimed.
"It is imperative that Intel act swiftly to fix the problem and ensure consumers are fully compensated for all losses suffered as a result of their actions."
In these types of cases, consumers need to show that they've actually experienced some sort of harm or damage as a result of the claims.
Speaking to Law.com, Chris Cantrell of Doyle APC explained: "I fully expect there to be additional filings [on behalf of consumers and businesses] and that this will go the usual route of multidistrict litigation.
"Just the sheer number of devices that we're talking about… most of the desktop and laptop computers in use today."
Eric Johnson, dean of the Vanderbilt University Owen Graduate School of Management, told The Guardian: "The potential liability is big for Intel. Everybody will be scrambling over the next few days to figure out just how big it is."