Two hardwired vulnerabilities discovered last year in Intel processors are only now beginning to show their teeth, as revealed by Intel’s latest filing with the Securities and Exchange Commission (SEC).
Semiconductor chipmaker Intel, headquartered in Santa Clara, CA, faces at least 32 lawsuits over the Spectre and Meltdown vulnerabilities discovered by Google researchers in its chips.
Intel reveals its sticky situation in an SEC filing, a formal document (usually a financial statement) submitted by publicly traded companies to the U.S. Securities and Exchange Commission (SEC) annually.
Since the disclosure of Spectre and Meltdown last month, Intel says it got hit with 30 customer class-action lawsuits and two securities class-action lawsuits.
“The customer class action plaintiffs, who purport to represent various classes of end users of our products, generally claim to have been harmed by Intel’s actions and/or omissions in connection with the security vulnerabilities and assert a variety of common law and statutory claims seeking monetary damages and equitable relief,” the filing reads (under ‘Litigation related to Security Vulnerabilities’).
“The securities class action plaintiffs, who purport to represent classes of acquirers of Intel stock between July 27, 2017 and January 4, 2018, generally allege that Intel and certain officers violated securities laws by making statements about Intel’s products and internal controls that were revealed to be false or misleading by the disclosure of the security vulnerabilities.”
Intel expects additional lawsuits, but says it disputes these claims and intends to “defend the lawsuits vigorously.” It also says it is “unable to make a reasonable estimate” of the financial impact – if any – from the discovery of the specified flaws in its products.
Finally, Intel admits that certain members of its board of directors are being accused of selling shares in the company before the news could lower its price on the stock market, in what is commonly referred to as insider trading.
This is a Security Bloggers Network syndicated blog post authored by Filip Truta. Read the original post at: HOTforSecurity