Breaking: Apple Silicon Hit by New “FLOP” and “SLAP” Cyberattacks!

By Harper Westfield

This week, researchers from the Georgia Institute of Technology and Ruhr University Bochum disclosed details about two new side-channel speculative execution attacks impacting Apple’s silicon chips, named SLAP and FLOP. These attacks are detailed on a dedicated website, Predictors.Fail, which includes examples, detailed documentation, and access to the research papers.

To grasp the essence of these threats, it’s crucial to understand what speculative execution attacks involve. Previously, in March last year, I discussed a speculative execution attack known as GhostRace. Further back, in 2016, the Meltdown and Spectre attacks brought this issue to mainstream attention. Speculative execution is a technique used by CPUs to predict and perform tasks ahead of time, enhancing performance. However, this feature can lead to security vulnerabilities that are difficult to rectify without compromising system performance.

While SLAP and FLOP represent new forms of speculative execution attacks, the underlying principles are already familiar to cybersecurity professionals.

SLAP stands for Data Speculation Attacks via Load Address Prediction. This attack takes advantage of the Load Address Predictor in Apple Silicon, which anticipates the next memory address that the CPU will access. Attackers can manipulate this predictor to make incorrect guesses, potentially leading to the theft of sensitive data such as emails and browser history. This vulnerability affects Apple’s CPUs starting from the M2 and A15 models.

On the other hand, FLOP, which stands for False Load Output Predictions, targets the Load Value Predictor of Apple Silicon. This component predicts the data values that will be returned from memory in the next cycle. By causing it to predict inaccurately, an attacker could bypass memory safety measures, risking exposure of personal information such as credit card details and location history.

Apple has responded to these findings, as reported by Bleeping Computer, expressing gratitude towards the researchers for their efforts in advancing the understanding of such security threats. However, Apple also noted that they do not see these issues as posing immediate risks to users.

The researchers mentioned that, although these vulnerabilities were reported to Apple in March (SLAP) and September (FLOP) of 2024, there have been no known exploitations in the wild. They suggest that users who want to mitigate these risks can disable JavaScript in Safari, the browser they tested, on their Apple devices. However, this workaround may lead to significant compatibility issues with many websites. It is hoped that Apple will address these vulnerabilities with a more permanent solution soon.
