Tag Archive for: meltdown

Apple wins class-action over Spectre and Meltdown security flaws


Four years ago, we learned of the Spectre and Meltdown security flaws affecting Mac and iOS devices. This week, a US judge is dismissing a proposed class-action lawsuit that accuses Apple of defrauding customers, according to Reuters.

Background

Back in 2018, Meltdown and Spectre security flaws were affecting ARM-based and Intel processors. While all Mac and iOS devices were hurt by the vulnerability, Apple stated there were no known exploits affecting customers.

The Meltdown and Spectre exploitation techniques abuse speculative execution to access privileged memory – including that of the kernel – from a less-privileged user process such as a malicious app running on a device.

Apple defeats the class-action lawsuit over security flaws

U.S. District Judge Edward Davila in San Jose, California said customers failed to prove that they overpaid for their devices because Apple knowingly concealed defects, and provided security patches that made its devices significantly slower.

Reuters says the lawsuit came after Apple revealed the Meltdown and Spectre security flaws in 2018. These flaws could potentially let hackers access computer devices and steal memory contents. Customers claimed Apple first learned about the flaws in June 2017 and didn’t share until the New York Times reported the issue.

Davila dismissed the case as Apple assertions that its products were ‘secure’ and ‘private’ were too general to support customer claims. Davila also stated that the company’s marketing wasn’t false or misleading. By saying its newer processors were faster and longer-lasting wasn’t a falsehood as the patches may have disrupted performance.

While lawyers for the plaintiffs have yet to comment, Davila has given them until June 30 to repeal their claims.

FTC: We use income earning auto affiliate links. More.


Check out 9to5Mac on YouTube for more Apple news:

Source…

Garmin’s four-day service meltdown was caused by ransomware

Garmin logo on an dark wall.

Enlarge (credit: Ian Usher / Flickr)

GPS device and services provider Garmin on Monday confirmed that the worldwide outage that took down the vast majority of its offerings for five days was caused by a ransomware attack.

“Garmin Ltd. was the victim of a cyber attack that encrypted some of our systems on July 23, 2020,” the company wrote in a Monday morning post. “As a result, many of our online services were interrupted including website functions, customer support, customer facing applications, and company communications. We immediately began to assess the nature of the attack and started remediation.” The company said it didn’t believe personal information of users was taken.

Garmin’s woes began late Wednesday or early Thursday morning as customers reported being unable to use a variety of services. Later on Thursday, the company said it was experiencing an outage of Garmin Connect, FlyGarmin, customer support centers, and other services. The service failure left millions of customers unable to connect their smartwatches, fitness trackers, and other devices to servers that provided location-based data required to make them work. Monday’s post was the first time the company provided a cause of the worldwide outage.

Read 12 remaining paragraphs | Comments

Biz & IT – Ars Technica

Intel ‘intentionally hid’ Meltdown and Spectre from US cyber security officials

  1. Intel ‘intentionally hid’ Meltdown and Spectre from US cyber security officials  The INQUIRER
  2. Intel Kept US Cyber Security Agencies In The Dark About Spectre And Meltdown  Hot Hardware
  3. Intel did not disclose chip flaw to US government despite risk to national security  Telegraph.co.uk
  4. Intel did not tell US cyber officials about chip flaws until made public  Reuters
  5. Full coverage

computer security news – read more

Technology Feature: The Meltdown and Spectre computer security challenges: an opportunity for Montserrat?

  1. Technology Feature: The Meltdown and Spectre computer security challenges: an opportunity for Montserrat?  Montserrat Reporter
  2. Intel Bug Bounty offers big rewards – up to $ 250K – for finding security exploits  Sacramento Bee
  3. Microsoft’s free analytics service sniffs out Meltdown, Spectre patch status  Computerworld
  4. Intel Bug Bounty Program – Intel Security Center  Intel Security Center
  5. Hate to ruin your day, but… Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits  The Register
  6. Full coverage

computer security news – read more