Apple’s Homemade Chips Vulnerable to FLOP and SLAP Attacks
Recent discoveries have brought to light vulnerabilities within Apple’s A and M-series chip sets, putting users at risk of having their credit card information, locations, and other sensitive data compromised while using Safari and Chrome browsers to access sites like iCloud Calendar, Google Maps, and Proton Mail. The vulnerabilities, known as FLOP and SLAP attacks, are the result of the chips’ speculative execution feature, which helps improve performance by predicting the control flow the CPUs should take.
Researchers from the University of Georgia have conducted a thorough analysis of these vulnerabilities and have outlined potential mitigations to address them. FLOP, or Faulty Load Operation Predictor, targets the Load Value Predictor (LVP) in Apple’s chipsets, tricking it into predicting incorrect memory values during speculative execution. This allows attackers to access a wide range of sensitive information, including location history, email content, calendar events, and credit card details. FLOP works on various Apple devices released from 2021 onwards and requires the victim to interact with a malicious page while logged into sensitive websites.
On the other hand, SLAP, or Speculative Load Address Predictor, exploits the Load Address Predictor (LAP) in Apple silicon to predict memory locations and access data from other browser tabs like Gmail, Amazon, and Reddit. While SLAP is limited to Safari and has a narrower scope compared to FLOP, it still poses a threat to user privacy and highlights the risks associated with speculative execution and browser process isolation.
Apple has been made aware of these vulnerabilities, and while reports suggest that they plan to release patches to address the issue, the company has denied any immediate risk to its users. It is essential for Apple users to stay vigilant and take necessary precautions to protect their sensitive data while browsing online.
In conclusion, the discovery of FLOP and SLAP attacks on Apple’s homemade chips serves as a reminder of the constant threats posed by cyber attackers and the importance of implementing robust security measures to safeguard user information. As technology continues to evolve, it is crucial for companies like Apple to prioritize user privacy and security to maintain trust and confidence among their customers.