Apple devices equipped with M2 and A15 chips or later, including iPhones, iPads, Macs, and Mac desktops, are susceptible to newly discovered security vulnerabilities. These flaws, known as SLAP (Data Speculation Attacks via Load Address Prediction on Apple Silicon) and FLOP (Breaking the Apple M3 CPU via False Load Output Predictions), can potentially allow attackers to glean information from open web browser tabs, exposing sensitive data like passwords and financial details. The vulnerabilities were initially reported by Bleeping Computer and detailed on the predictors.fail website.
These vulnerabilities are not software-based but stem from hardware flaws in the CPUs themselves, making them vulnerable to side-channel attacks. These attacks analyze CPU activity, leveraging factors such as power consumption, timing, and sound to deduce information about user behavior. Similar to the 2018 Spectre and Meltdown exploits, these attacks exploit inherent CPU design characteristics.
The core issue lies in the performance optimization techniques employed in modern CPUs, including Apple Silicon. While not exclusively an Apple problem, these optimizations create vulnerabilities that attackers can exploit. To understand the vulnerabilities, it’s important to grasp how CPUs execute instructions.
Computer programs comprise a sequence of instructions executed by the CPU. These instructions often involve branching logic, such as “If A then do X, if B then do Y,” creating complex execution paths. Modern CPUs employ speculative execution, also known as branch prediction, to enhance performance. This technique predicts the most likely execution path and preemptively executes instructions along that path, improving efficiency.
SLAP and FLOP flaws on Apple Silicon.
However, these predictions aren’t always accurate. Incorrect predictions create vulnerabilities that SLAP and FLOP exploit, allowing attackers to access sensitive data even when protected by software. SLAP specifically targets the Safari browser, while FLOP extends its reach to Chrome. Researchers have demonstrated the feasibility of these attacks, though there’s currently no evidence of active exploitation by cybercriminals.
The researchers disclosed their findings to Apple last year, and Apple reportedly acknowledged the issue and planned to address it. However, despite the publication of research papers detailing the vulnerabilities, Apple’s official response remains limited to a statement to BleepingComputer downplaying the immediate risk to users.
Although these attacks are not malware-based, they still originate from malicious websites. While awaiting security updates, users are advised to exercise caution and avoid suspicious links and URLs to mitigate potential risks. Protecting yourself from these types of attacks requires vigilance and awareness of online threats.
