Categories
Apple Apple Silicon Apps Developer Hack Hacks Hardware iPad iPad Air iPad mini iPad Pro iPhone iPhone iPhone 12 iPhone 13 iPhone 14 iPhone 15 iPhone 16 iPhone SE M2 M3 M4 Mac Mac Desktop Mac mini Mac Pro Mac Studio MacBook MacBook Air MacBook Pro macOS Malware News privacy Processors security Software

Security researchers cite SLAP and FLOP vulnerabilities found in a wide array of Apple Silicon hardware

As nifty as the Apple Silicon processors are, there’s currently an exploit present in the hardware that allows potential hackers to siphon private data. The processors, which offer a speculative execution feature that guesses what you’ll need next, are generally right as to what you’ll need. Still, when these guesses are incorrect, they can create vulnerabilities that hackers could use to access sensitive information, like emails and credit card details. SLAP & FLOP attacks

Researchers from the Georgia Institute of Technology have identified two new Apple Silicon security vulnerabilities in Apple’s recent CPUs, named SLAP and FLOP. These attacks exploit features in the M2, M3, A15, and A17 chips that are supposed to improve performance. The problem lies in how Apple’s processors try to predict memory operations to speed up tasks. When these guesses are wrong, they accidentally open the door for hackers. SLAP (speculative execution via Load Address Prediction) offers access to private data, like email content, by tricking the processor into using out-of-bounds memory. FLOP (False Load Output Prediction) bypasses memory safety checks even further.

The team has demonstrated how SLAP could be used to extract private emails from Safari and how FLOP could recover sensitive data like credit card details. While there’s no evidence of hackers exploiting these flaws in the wild yet, the potential is there.

The attacks are similar to other speculative execution attacks such as Spectre and Meltdown, which created widespread security concerns a few years ago. The difference this time is that the attacks specifically target Apple’s hardware.

Apple has yet to release a fix, but has stated that it’s aware of the Apple Silicon vulnerabilities. The researchers who found SLAP and FLOP notified Apple about a year ago for one flaw, and about six months ago for the other. Still, true fixes may have to be incorporated at the hardware level.

In the meantime, keep your devices patched with the latest software and updates, including security patches. Avoid untrusted websites and disable JavaScript when not needed. Browser extensions that block scripts can also help, and just follow your instincts if something seems off.

Stay tuned for additional details as they become available.

Via AppleInsider and predictors.fail

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.