
Security experts from Georgia Institute of Technology and Ruhr University Bochum have identified two significant vulnerabilities in Apple’s silicon chips, potentially exposing sensitive data from popular web browsers. The attacks, dubbed SLAP (Data Speculation Attacks via Load Address Prediction) and FLOP (Breaking the Apple M3 CPU via False Load Output Predictions), were reported to Apple in mid-2024.
These vulnerabilities build upon the Spectre attack framework, exploiting weaknesses in the CPU’s speculative execution process. While speculative execution typically enhances processor performance by predicting and pre-executing instructions, these new attacks demonstrate how this feature can be manipulated to read data that should not be accessible.
SLAP Attack:
– Affects M2, A15, and newer chips
– Targets the Load Address Predictor (LAP)
– Can expose email content and Safari browsing history
– Exploits incorrect memory address predictions
FLOP Attack:
– Impacts M3, M4, and A17 chips
– Exploits the Load Value Predictor (LVP)
– Can access sensitive data including location history, calendar events, and credit card information
– Affects both Safari and Chrome browsers
The research team also noted that these attacks differ from traditional Spectre vulnerabilities, as they exploit data-flow predictions rather than just control-flow predictions. This discovery follows recent findings of other security vulnerabilities in Apple silicon, including the SysBumps KASLR break attack and the TagBleed vulnerability, highlighting ongoing security challenges in modern processor architectures.