Apple faces lawsuit over Spectre and Meltdown CPU security flaws

After firing off writs against AMD and Intel, ambulance-chasing lawyers take aim at Apple

Apple has become the latest company to be targeted by ambulance-chasing lawyers looking to make a killing out of the Meltdown and Spectre CPU security flaws.

A 17-page complaint was filed earlier this month in a California court, blaming Apple for the security flaws in its A-series CPUs, based on the ARM micro-architecture.

However, the document doesn't cite the Intel microprocessors that the company uses in its range of Mac computers, which are equally exposed.

The US technology giant is accused of withholding details about the flaws from customers and selling vulnerable products to the public.

The plaintiffs are calling on Apple to pay damages to every consumer who has purchased an iPhone, iPad or Apple TV

On 9 January, Apple announced that a number of its products had been compromised by the flaw - including iOS, MacOS and tvOS, the operating system used in its Apple TV set-top boxes. The flaw could enable a sophisticated attacker to compromise information on a computing device, such as passwords and personal information.

At the moment, no exploit has been spotted in the wild, although the researchers who uncovered it have demonstrated proofs of concept.

"Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre," said the company at the time. "These issues apply to all modern processors and affect nearly all computing devices and operating systems. All Mac systems and iOS devices are affected."

Anthony Bartling and Jacqueline Olson, who filed the case against Apple, said: "Based upon information and belief, defendant [Apple] has known about the design defect giving rise to the security vulnerabilities since at least June 2017.

Even after it was aware of the security vulnerabilities, Apple continued to sell and distribute iDevices without a repair or having made a disclosure about the Apple processor security vulnerabilities

"[The] defendant has admitted that it released an update to its iOS operating system software to address the Meltdown technique in December, 2017, but Apple knew or should have known of the design defect much earlier and could have disclosed the design defect more promptly.

The plaintiffs are calling on Apple to pay damages to every consumer who has purchased an iPhone, iPad or Apple TV. They've accused Apple of committing breach of warranty, negligence and unjust enrichment.

They added: "Even after it was aware of the security vulnerabilities, Apple continued to sell and distribute iDevices without a repair or having made a disclosure about the Apple processor security vulnerabilities.

"The iDevices it sold and distributed were not of the quality represented and were not fit for their ordinary purposes."