Apple wins lawsuit claiming it misled users over Spectre and Meltdown security flaws

(Image credit: Future)

A class-action lawsuit against Apple for allegedly misleading customers regarding the notoious Spectre and Meltdown vulnerabilities has been dismissed.

Reuters reported U.S. District Judge Edward Davila, in San Jose, California, ruled that the plaintiffs did not prove Apple knew about the vulnerabilities and kept quiet, selling their products at inflated prices, as a result. They also failed to prove Apple provided security patches that significantly slowed down the performance of the devices.

Apple, as well as other tech giants, first reported discovering the two flaws in early 2018. The customers, who filed the class-action lawsuit at the time, claimed Apple knew about the flaws as early as June 2017, but kept quiet about it until a New York Times report basically forced them to speak.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022

<a href="" data-link-merchant=""" target="_blank">Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the <a href="" data-link-merchant=""" data-link-merchant=""" target="_blank">end of this survey to get the bookazine, worth $10.99/£10.99.

Vague claims and affirmative misrepresentation

But the judge says the plaintiffs failed to prove they relied on Apple’s marketing, when making their purchase choices. Apple’s claims that their devices were “secure” and “built with privacy in mind” were too vague to support their claims. The judge also said that Apple’s claims of newer processors being faster than the older ones weren’t false, just because patches may have slowed them down.

"Plaintiffs have failed to allege an affirmative misrepresentation, an actionable omission, and actual reliance" on misstatements by Apple, Davila wrote.

The plaintiffs now have until June 30 to appeal the decision.

Spectre and Meltdown were two major vulnerabilities, discovered in early 2018, which allowed threat actors to read the contents of the memory in a vulnerable endpoint. Following up on the initial reports, researchers later discovered that practically all devices built in the last decade were vulnerable.

It turned out to be one of the greatest vulnerabilities of all time.

To make matters even worse, many OEMs scrambled to get a fix out as soon as possible, pushing incomplete solutions that only slowed the devices down, and in some cases, even bricking them entirely.

Via: Reuters

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.