Archive for January 5, 2018

Apple Is Facing Two Potential Lawsuits In Canada Over “BatteryGate”

Posted in Commentary with tags on January 5, 2018 by itnerd

Adding to the 18 23 lawsuits that I’ve noted since “BatteryGate” started, come two law firms in the province of Quebec who are looking to file a pair of class action lawsuits against Apple:

Apple’s acknowledgment of the battery issue, along with the price of Apple products, is evidence that the company is violating Quebec’s Consumer Protection Act, said Joey Zukran, a lawyer at LPC Avocats, which filed the application for authorization along with Renno Vathilakis Avocats.

Zukran stated that “There’s something wrong with this. The law is very clear on this point, especially on electronic devices, that the manufacturer of the product … has to guarantee the product for a reasonable amount of time.”

Currently, purchasers of Apple products receive a one-year limited warranty while they’re able to purchase an AppleCare extended warranty. According to Zukran, that’s not enough.

Under Quebec’s Consumer Protection Act, goods “must be durable in normal use for a reasonable length of time, having regard to their price, the terms of the contract and the conditions of their use.”

In the filing the law firm noted that “Considering the high prices paid by Class Members for Apple products, in normal use Apple products are not durable for a reasonable length of time.”

The law firm noted that it would also be seeking punitive damages of $300 per class member and it would ask the court to declare that a reasonable amount of time for Apple products to last would be six years.

Now I am a computer nerd, not a lawyer, but what they want from the courts sounds like a bit of a stretch to me. But these days, anything can happen. So we’d have to watch and see where this goes. It will be interesting to see if (a) this gets the go ahead from the courts to be filed as a class action, and (b) if these guys actually come out on top somehow.


Surprise! Intel Gets Sued Over Epic CPU Vulnerabilities

Posted in Commentary with tags on January 5, 2018 by itnerd

To the surprise of nobody on planet Earth, Intel is facing multiple class-action lawsuits over the Meltdown and Spectre vulnerabilities. The Guardian is reporting that three separate suits have been filed by plaintiffs in California, Oregon and Indiana. The plaintiffs are seeking compensation because of the security vulnerability as well as Intel’s failure to disclose it in a timely fashion. On top of that, they want compensation for whatever slowdown to their PCs is caused by the fixes needed to address the security concerns.

I’m predicting that this is only going to get worse for Intel. There will be more lawsuits filed, and some of those will come from cloud providers like Amazon, Google and Microsoft who care about how the speed and security issues related to this impact their businesses.

Get the popcorn ready, because Intel has a full blown disaster on its hands.

There’s Good News & Bad News When It Comes To Microsoft’s Response To The Epic Intel CPU Bug

Posted in Commentary with tags on January 5, 2018 by itnerd

Good news #1: If you’re running the latest version of Windows 10 which is build 1709, Microsoft is rolling out a fix that addresses the Meltdown vulnerability as I type this. There’s a support document related to this fix that strangely does not speak to this specifically. But the fix has to be in there as Microsoft is rolling out this fix outside their normal “Patch Tuesday” schedule which is something that they only do in emergency situations.

Good news #2: If you use Microsoft’s cloud based services, Microsoft is also updating them with the latest firmware and software patches, and these updates are rolling out now as well.

Bad news #1: There’s another support document from Microsoft that says that unless a registry key is updated by the antivirus package that you’re using, installing the security patch can result in a blue screen of death. For that reason, Microsoft said it has set the update to only apply when the registry key has been changed. In other words, antivirus tools must set the key when they are confirmed to be compatible with the operating system update. The patch introduces a significant change to the design of Windows’ internal memory management, and this is probably tripping up anti-malware tools, which dig into and rely on low levels of the system. Some AV vendors have already issued updates to change the key and allow the fix to be applied without causing any issues, while others have an update in the works to be released this week or early next week. In other words, you might want to check with your antivirus vendor to see if you’re good before installing the patch. Failing that, you can check this list to see if you’re good.

Bad news #2: If you’re running an older version of Windows, say Windows 7 or 8.1, then you won’t get this fix until next week when “Patch Tuesday” rolls around. I guess that’s a hint from the folks in Redmond that you should really be running Windows 10.

Bad news #3: If you have anything older than a Skylake processor in your PC, it could run slower with the patches installed. Intel has said that any performance hit would be “workload dependent” without saying what exactly that means in real terms.

Bottom line: Install the patches after you sanity check to see if they won’t blue screen your PC. But don’t be surprised if the PC runs a touch slower. But at least you can sleep well knowing that you’re protected if it does.

UPDATE: A reader pointed me towards another Microsoft support document that speaks to how to install these patches on Windows Server. Just reading through it suggests that I am going to be busy for the next little while because the person running the server has to follow what’s in this document to the letter to mitigate this issue.

 

Apple Posts Support Doc Saying That They’re Affected By The Epic Intel CPU Vulnerability

Posted in Commentary with tags on January 5, 2018 by itnerd

Apple late yesterday posted a new support document covering Meltdown and Spectre which are the two CPU vulnerabilities that affect Intel and other CPUs. It confirms that if you are running iOS 11.2, macOS 10.13.2, and tvOS 11.2, you don’t have to worry about the Meltdown vulnerability because they fixed that when this issue wasn’t widely known. Additional fixes are coming to Safari in the near future to defend against the “Spectre” vulnerability.

Now for those of you who noted that iOS and tvOS are on the list, and concluded that iPhones, iPads and Apple TVs are affected by this issue: good catch.

Now one thing that isn’t clear is if these vulnerabilities have been addressed in older versions of iOS and Mac. In the case of the Mac there were security updates for older versions of macOS released alongside macOS 10.13.2, so it’s possible fixes are already available for Sierra and El Capitan. But I would say that the safest thing to do is to update your Mac, or any of your Apple devices to the latest version of whatever OS they use to be safe.

UPDATE: I just found this document that says that these fixes are also in security updates for macOS Sierra and El Capitan. Specifically:

Kernel

Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6

Impact: An application may be able to read kernel memory

Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

CVE-2017-5754: Jann Horn of Google Project Zero, Werner Haas and Thomas Prescher of Cyberus Technology GmbH, and Daniel Gruss, Moritz Lipp, Stefan Mangard and Michael Schwarz from Graz University of Technology

UPDATE #2: Strangely, this document, which this morning said macOS Sierra and El Capitan have the fixes for this vulnerability (and I copied and pasted that in my first update), has since been altered to exclude these two operating systems. Thus it’s unclear if the fixes for this vulnerability are there for those two operating systems or not. On top of that, this document now references watchOS and the fact that it didn’t require any fixes.