Researchers have discovered two significant security flaws in Apple’s A- and M-series processors, named SLAP (Speculative Load Address Prediction) and FLOP (False Load Output Predictions), which put a wide array of Apple devices at risk. These vulnerabilities, affecting devices since 2021, including MacBooks, iPads, and iPhones, exploit speculative execution techniques to potentially expose sensitive user data such as credit card information, location history, and private emails.
SLAP targets Apple CPUs starting with the M2 and A15 chips, leveraging incorrect predictions in speculative execution to access out-of-bounds data. FLOP, affecting newer M3 and A17 chips, similarly exploits speculative execution through incorrect value predictions, compromising memory safety checks. Demonstrations of these vulnerabilities showed the potential for attackers to extract sensitive information from applications like Safari and Chrome, including private email data and credit card details.
The research underscores the critical nature of these hardware-level security flaws, which bypass protections meant to isolate web page data from malicious access. While FLOP can be mitigated with software patches, the complexity of these fixes means they are not user-implementable. Apple has acknowledged the vulnerabilities and is planning to release security updates. Users are advised to keep their devices updated to protect against these exploits.
Read more at Cyber Security News…