
Security researchers from Georgia Institute of Technology and Ruhr University Bochum have uncovered two significant vulnerabilities in modern Apple processors, dubbed FLOP and SLAP. These side-channel attacks exploit flaws in the processors' speculative execution implementation, similar to the earlier Spectre and Meltdown vulnerabilities.
FLOP (False Load Output Prediction)
– Affects Apple M3, M4, and A17 processors
– Exploits the CPU’s Load Value Prediction feature
– Can leak sensitive data through cache timing attacks
– Demonstrated ability to:
* Escape Safari’s sandbox
* Access Proton Mail inbox data
* Retrieve Google Maps location history
* Extract iCloud Calendar events
SLAP (Speculative Load Address Prediction)
– Impacts Apple M2, A15, and newer processors
– Exploits the Load Address Prediction mechanism
– Allows attackers to access unauthorized memory addresses
– Successfully demonstrated extraction of:
* Gmail inbox contents
* Amazon order history
* Reddit user activity
Security Implications:
– Attacks can be executed remotely through malicious websites
– No physical access or malware installation required
– Bypasses browser sandboxing and memory protections
– Exploitable through JavaScript or WebAssembly code
Current Status:
– Vulnerabilities disclosed to Apple (SLAP: March 24, 2024; FLOP: September 3, 2024)
– Apple acknowledges the issues but considers them non-immediate risks
– No patches currently available
– Temporary mitigation: Disable JavaScript in Safari and Chrome