Both SLAP and FLOP exploit a feature known as speculative execution, a technique used by modern CPUs to predict and pre-execute instructions for faster processing
Security researchers have identified two significant vulnerabilities in Apple’s custom silicon chips, named SLAP (Speculative Load Address Prediction) and FLOP (False Load Output Predictions). The flaws, found in the A-series and M-series processors, expose sensitive user information, including credit card details, location history, and private emails, to potential cyberattacks.
These vulnerabilities affect a wide range of Apple devices, including iPhones, iPads, and MacBooks released since 2021.
Exploiting Speculative Execution
Both SLAP and FLOP exploit a feature known as speculative execution, a technique used by modern CPUs to predict and pre-execute instructions for faster processing. While this boosts performance, it also creates security risks when the predictions are incorrect.
SLAP: Speculative Load Address Prediction
SLAP affects Apple processors starting with the M2 and A15 chips. It uses a Load Address Predictor (LAP) to anticipate the next memory address the CPU will access. If the prediction is wrong, the CPU may speculatively execute operations on unauthorised data.
Researchers demonstrated an attack on Safari where a remote adversary could recover private email content without elevated privileges.
FLOP: False Load Output Predictions
FLOP targets newer Apple chips, beginning with the M3 and A17 processors. It uses a Load Value Predictor (LVP) to estimate memory values before they are available. Incorrect predictions can bypass memory safety checks, exposing data.
Researchers showcased an attack using FLOP on browsers like Safari and Chrome, allowing hackers to access credit card details, calendar events, and location history.
Proof-Of-Concept Attacks
To illustrate the risks, researchers conducted successful proof-of-concept demonstrations:
Proton Mail Inbox Leak: By exploiting FLOP, researchers accessed data from Proton Mail, retrieving sender names and email subject lines via JavaScript running on Safari.
Literary Data Extraction: SLAP was used on an M2 chip to extract a secret string containing text from The Great Gatsby. FLOP similarly recovered text stored in memory but never directly accessed.
Affected Devices
The vulnerabilities impact a broad range of Apple devices:
All MacBooks (Air and Pro) from 2022 onward
All Mac desktops (Mac Mini, iMac, Mac Studio) from 2023 onward
iPad Pro, Air, and Mini models released since September 2021
All iPhones from the iPhone 13 series onward
These flaws compromise hardware-level protections designed to isolate web pages from each other’s data. By exploiting SLAP or FLOP, malicious websites can bypass safeguards and access sensitive information.
Mitigation & User Advisory
FLOP has potential software mitigations, but implementing them is complex and not feasible for end-users. Apple has acknowledged the vulnerabilities and plans to release security updates soon.
Users are advised to enable automatic updates and ensure their devices run the latest software versions to mitigate potential risks.
These discoveries underscore the evolving challenges in securing advanced chip architectures, highlighting the need for ongoing vigilance in safeguarding personal data.