A U.S. district judge dismissed a proposed class-action lawsuit against Apple that accused it of concealing Meltdown and Spectre security flaws and reducing performance of its devices by mitigating the vulnerabilities, which reduced value of their devices. The plaintiffs demanded a compensation to themselves as well as other owners of Apple devices affected by Apple's actions.
Accusers stated that Apple misrepresented the privacy and security of iPhones and iPads as well as performance of its custom SoCs on which Apple argued that plaintiffs' alleged misrepresentations are too general to be actionable and they have failed to allege that any specific representation was false.
"Plaintiffs have failed to allege an affirmative misrepresentation, an actionable omission, and actual reliance on misstatements by Apple," U.S. District Judge Edward Davila in San Jose, California, wrote in his ruling, reports Reuters.
Meltdown and Spectre security vulnerabilities were discovered in mid-2017 and then made public in early 2018. While Meltdown affected chips from Intel, Spectre hit virtually all modern high-performance processors with speculative and out-of-order execution. Affected chips included those from AMD and Intel as well as custom system-on-chips based on various Arm architectures, including those from Apple, Qualcomm, MediaTek and Samsung.
Mitigation of Meltdown and Spectre leads to degraded performance. Since Apple knew about vulnerabilities before they were made public and mitigated them before they were revealed, plaintiffs alleged that it deceived its customers by advertising security advantages of its iOS platform as well as performance advantages of its then latest system-on-chips compared to its previous generation SoCs. The accusers called Apple's actions fraudulent.
"Plaintiffs allege that Apple was notified of the defects in June 2017 but did not publicly disclose them until January 4, 2018, after a New York Times article leaked the vulnerabilities," the complaint reads. "Apple addressed speculative execution and Meltdown, disclosing that its December 2, 2017, iOS 11.2 update included a software update to address the vulnerability. On January 8, 2018, Apple separately released iOS 11.2.2, a software update to address Spectre."
The plaintiffs stated that if they had known about potential security vulnerabilities of Apple's hardware and software, they would not buy the company's products or would not pay the prices they did. Furthermore, after Apple made appropriate announcements, their devices declined in value.
"Plaintiffs assert that these vulnerabilities are material because, 'had they known data stored on their systems would be compromised and made available to unauthorized third parties,' they would not have purchased their iDevices or paid the price they did," the lawsuit reads. "After Apple made the announcements, the iDevices allegedly declined in value."
The court sided with Apple as all security and performance-related claims were correct at the time they were made.
"Because plaintiffs are unable to identify any statement from Apple that is both sufficiently specific to be actionable and was false when made, plaintiffs have failed to state a claim for fraud under an affirmative misrepresentation theory," the ruling reads.
Furthermore, since Apple's mitigations affected all its SoCs, performance comparisons between subsequent generations continued to be accurate even after mitigations were implemented as generation-to-generation performance advantages are not only conditioned by improved speculative or out-of-order execution advantages.
While the class-action lawsuit looks to be blown out of proportion, the ruling is an example of a case that exonerates companies from liability when they make certain claims about performance before other information comes to light that may change it.