Apple Faces Class Action Lawsuit Over Meltdown And Spectre Bugs

Apple has already released a number of fixes for the two security flaws, but plaintiffs say the patches require customers to implement security updates that could slow down their devices Justin Sullivan/Getty

Apple has been hit with a class action lawsuit over the Meltdown and Spectre cyber security flaws that came to light earlier this month, compromising the safety of nearly every computer and device.

New York lawyer Mark Rifkin, who specializes in complex class action claims surrounding corporate fraud, filed the complaint on January 8 on behalf of plaintiffs Anthony Bartling and Jacqueline Olson, as well as anyone else who has purchased a device affected by the two vulnerabilities.

The lawsuit alleges that Apple knowingly sold devices with the security flaws to customers who purchased products after June 1, 2017, when the company is believed to have found out about at least one of the vulnerabilities.

It also argues that consumers should have been made aware of the fact that updating software on their devices to fix the security flaws could cause a performance slowdown, affecting the quality of their products–an issue which only came to light in recent months.

Meltdown is a flaw affecting laptops, desktop computers and internet servers with Intel chips and allowing hackers to steal data, including passwords that saved in Web browsers.

Spectre is a vulnerability affecting chips in smartphones and tablets, as well as computer chips from Intel and Advanced Micro Devices Inc. that allows for hackers to manipulate apps into leaking sensitive information. Intel has already faced a number of lawsuits in relation to the security flaws, including a class action suit filed by Rifkin's law firm, Wolf Haldenstein.

Read more: Meltdown, Spectre: What we know about the major cyber security flaws

The security flaws were discovered by a team of researchers last year and Google has confirmed that it informed affected companies about Spectre on June 1, 2017 and later, about Meltdown sometime before July 28, 2017.

"ARM Holdings PLC, the company that licenses the ARM architecture to Apple, admits that it was notified of the Security Vulnerabilities in June 2017 by Google's Project Zero and that it immediately notified its architecture licensees (presumably, including Apple)," the class action suit states.

"Knowingly selling devices with a security vulnerability is a signficant deviation from waht we would expect of a responsible manufacturer," Rifkin told Newsweek.

"I think consumers have every right to be disappointed that Apple would put these phones into the marketplace with that security vulnerability and without any kind of warning to consumers."

Read more: Slow iPhone Scandal: Senator Demands Answers From Apple CEO Tim Cook

According to Google, a disclosure date for the security flaws had been coordinated for January 9, but researchers decided to bring the bugs to light ahead of that date "because of existing public reports and growing speculation in the press and security research community about the issue, which raises the risk of exploitation."

The class action lawsuit argues that because Apple continued to sell and distribute iDevices without a repair or having notified consumers about the vulnerabilities, the products it sold and distributed "were not of the quality represented and were not fit for their ordinary purposes."

Apple has already released a number of fixes for the vulnerabilities, with more expected, but plaintiffs point out in their filing that customers would be forced to implement iOS updates on their phone, which it recently came to light can cause a slowdown in speed.

Had Apple customers known about the security vulnerabilities and the slowdown in speed "and thus decrease in quality and value" that would come with the fixes to the two bugs, they would not have purchased the iDevices, the filing states.

As a result, it argues that customers affected by the security flaws have "suffered an ascertainable injury and a loss of money or property as a result of [Apple's] wrongdoing."

Apple is already facing dozens of lawsuits accusing the company of intentionally slowing down older iPhones and failing to disclose the move, which the company has claimed is a technique to save the battery life on devices.

"I understand that batteries have a certain shelf life to them and batteries slow down and Apple's solution was to try to stretch the life of the battery, but in doing so, they slowed people's devices down. But again, they should have told people," Rifkin said.

The amount in compensatory damages plaintiffs will be seeking has yet to be determined, but they have also demanded that Apple be barred from engaging in what they allege is "wrongful conduct."

Apple did not immediately respond to a request for comment.