Security researchers from the Georgia Institute of Technology and Ruhr University Bochum have disclosed two vulnerabilities in Apple's recent processors that let a malicious web page read sensitive data belonging to other sites. The two attacks, named FLOP and SLAP, target speculative-execution optimizations in which the CPU guesses, respectively, what value a load will return and which address a load will access, and runs dependent instructions on the guess before it has been confirmed. A wrong guess is discarded architecturally, but the loads performed on the discarded path still leave traces in the CPU cache, and those traces can be measured to recover the data that was speculatively accessed. SLAP affects processors from the M2 and A15 generations onward; FLOP affects the newer M3, M4 and A17 generations.
FLOP targets the load value predictor in Apple's M3, M4 and A17 processors. That predictor guesses that a load will return the same value it returned on previous executions. When the guess is wrong, the processor transiently computes with the stale value, so any check that depends on the loaded value, such as a bounds check, is transiently evaluated against the wrong data, and a read that should have been rejected can be performed speculatively. The speculatively read data is then recovered through a cache timing side channel. The researchers showed that this defeats the isolation between web pages in Safari and Chrome, leaking Proton Mail inbox contents, Google Maps location history and private iCloud Calendar events. The attack depends on steering the predictor into a wrong value and extracting data from the transient computation before the processor detects and corrects the misprediction.
SLAP, by contrast, targets the load address predictor in the M2 and A15 generations and their successors. That predictor watches the addresses a load instruction has accessed, and once it sees a regular pattern it speculatively issues the next load at the address the pattern implies and forwards the result to dependent instructions before the real address is known. An attacker first trains the predictor with a regular sequence of in-bounds accesses and then arranges the memory layout so that the predicted address points at confidential data. The processor speculatively loads that data, and although the result is discarded once the real address resolves, its cache footprint reveals it; the researchers used this to read Gmail inbox content, Amazon order history and Reddit user activity. Both attacks run from ordinary web content served by a malicious website and do not depend on a memory-corruption bug in the browser, so the browser's sandbox and memory protections do not stop them.
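The train-then-mispredict sequence the two paragraphs above describe, as an added example that is not code from the researchers or from Apple: a toy JavaScript model of a stride-based load address predictor (the SLAP case) and a last-value load value predictor (the FLOP case), with the cache modelled as the set of lines any load touched. The predictor policies, confidence thresholds, memory layout, site names and the sample secret are all assumptions chosen for illustration; real hardware predictors are more complex, and the timing measurement a browser attack needs is replaced here by direct inspection of the modelled cache.

```javascript
// Toy model of the two predictors SLAP and FLOP abuse. Added example, not the
// researchers' code: predictor policies, thresholds and the memory layout are
// assumptions. The modelled core's only observable side effect is which cache
// lines a load touched; loads on a squashed path leave that footprint too.
const LINE = 64;
const mem = new Uint8Array(512);
const PUBLIC = 0;        // attacker-readable buffer, bytes 0..127
const SECRET = 128;      // victim data the attacker must not read
const LEN_ADDR = 256;    // where the victim keeps its buffer length
const PROBE = 1 << 16;   // probe array: 256 lines, one per byte value (cache tags only)
const SECRET_TEXT = "KEY=hunter2";   // constructed sample secret, no 0x00 bytes
for (let i = 0; i < SECRET_TEXT.length; i++) mem[SECRET + i] = SECRET_TEXT.charCodeAt(i);

const cache = new Set();
const lineOf = (addr) => Math.floor(addr / LINE);
const touch = (addr) => cache.add(lineOf(addr));
const flushProbe = () => { for (let b = 0; b < 256; b++) cache.delete(lineOf(PROBE + b * LINE)); };
// Transmit gadget: a dependent load whose address encodes the byte it saw.
const transmit = (byte) => touch(PROBE + byte * LINE);
// Probe: which byte values have a cached line after the trigger.
const probe = () => [...Array(256).keys()].filter((b) => cache.has(lineOf(PROBE + b * LINE)));

// SLAP side: once a load site has repeated the same stride, the predictor issues
// the next load at last+stride and forwards its value before the real address is known.
class LoadAddressPredictor {
  constructor() { this.sites = new Map(); }
  predict(site) {
    const e = this.sites.get(site);
    return e && e.confidence >= 2 ? e.last + e.stride : null;
  }
  update(site, addr) {
    const e = this.sites.get(site);
    if (!e) { this.sites.set(site, { last: addr, stride: 0, confidence: 0 }); return; }
    const stride = addr - e.last;
    e.confidence = stride === e.stride ? e.confidence + 1 : 0;
    e.stride = stride;
    e.last = addr;
  }
}

// FLOP side: after a load site returned the same value several times, the
// predictor hands that value to dependents before the load completes.
class LoadValuePredictor {
  constructor() { this.sites = new Map(); }
  predict(site) {
    const e = this.sites.get(site);
    return e && e.count >= 3 ? e.value : null;
  }
  update(site, value) {
    const e = this.sites.get(site);
    if (e && e.value === value) e.count++;
    else this.sites.set(site, { value, count: 1 });
  }
}
const lap = new LoadAddressPredictor();
const lvp = new LoadValuePredictor();

// Dependents run first on the guess (transient: squashed when the real load
// resolves, but the cache footprint stays) and then on the real result.
function loadViaLAP(site, realAddr, dependent) {
  const guess = lap.predict(site);
  if (guess !== null && guess !== realAddr) dependent(mem[guess]);
  lap.update(site, realAddr);
  dependent(mem[realAddr]);
}
function loadViaLVP(site, addr, dependent) {
  const guess = lvp.predict(site);
  const real = mem[addr];
  if (guess !== null && guess !== real) dependent(guess);
  lvp.update(site, real);
  dependent(real);
}

// SLAP-style leak of SECRET[j]: walk the public buffer with a fixed stride so the
// predicted next address is SECRET+j, then issue a harmless in-bounds load at the
// same site. The transmit gadget sees the secret byte on the transient path only.
function leakSLAP(j) {
  const stride = 16;
  for (let k = 8; k >= 1; k--) loadViaLAP("walk", SECRET + j - stride * k, transmit);
  flushProbe();
  loadViaLAP("walk", PUBLIC, transmit);
  const hits = probe().filter((b) => b !== mem[PUBLIC]); // drop the architectural load's line
  return hits.length === 1 ? hits[0] : -1;
}

// FLOP-style leak: victim code bounds-checks idx against a length it loads from memory.
function victimRead(idx) {
  loadViaLVP("len", LEN_ADDR, (len) => { if (idx < len) transmit(mem[PUBLIC + idx]); });
}
function leakFLOP(j) {
  mem[LEN_ADDR] = 255;                   // train: the victim's length reads 255 three times
  for (let k = 0; k < 3; k++) victimRead(0);
  mem[LEN_ADDR] = 8;                     // the buffer shrinks; the predictor still says 255
  flushProbe();
  victimRead(SECRET - PUBLIC + j);       // passes the check transiently, fails it architecturally
  const hits = probe();
  return hits.length === 1 ? hits[0] : -1;
}

function leakString(leakByte, n) {
  let out = "";
  for (let j = 0; j < n; j++) out += String.fromCharCode(leakByte(j));
  return out;
}
console.log("SLAP:", leakString(leakSLAP, SECRET_TEXT.length));
console.log("FLOP:", leakString(leakFLOP, SECRET_TEXT.length));
```

Run with node; both calls print the sample secret. The point the model makes is that neither leak involves a bug in the victim's architectural code: the bounds check in victimRead is correct, and the stride walk never reads out of bounds architecturally. Only the predictor's guess does, and its cache footprint survives the squash.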
Apple has acknowledged the findings and says it is working on a fix, but none had been released at the time of writing. Until one ships, the researchers suggest disabling JavaScript in Safari and Chrome as a stopgap, at the cost of breaking most modern websites. Because the attacks run from ordinary web content, they require neither malware on the device nor physical access to it, which exposes millions of Apple users. The findings are another reminder that side channels in hardware optimizations undermine software isolation boundaries, and that sensitive data needs protections that do not rest on those boundaries alone.
The disclosure illustrates the continuing contest between security researchers, who look for weaknesses so that they can be reported and fixed, and attackers, who look for the same weaknesses to exploit. As processors grow more aggressive in their speculation, manufacturers such as Apple need to treat these side channels as security bugs in their own right and ship mitigations in a timely manner.