New Apple CPU side-channel attacks steals data from browsers

New Apple CPU side-channel attacks steals data from browsers
Summary: Researchers from Georgia Institute of Technology and Ruhr University Bochum have identified severe side-channel vulnerabilities in modern Apple processors (FLOP and SLAP) that can potentially expose sensitive data from web browsers. These vulnerabilities stem from faulty predictive execution features in Apple’s chip architecture, affecting numerous models from the M2/A15 generation onward. Although Apple has acknowledged the vulnerabilities and plans to address them, they remain unmitigated and pose a significant risk to users who visit malicious websites.

Affected: Apple processors (M2, M3, A15, A17 series)

Keypoints :

  • FLOP attacks exploit incorrect Load Value Predictions leading to data leakage through cache timing.
  • SLAP attacks manipulate Load Address Predictions to access sensitive data remotely via malicious webpages.
  • Both vulnerabilities bypass existing security measures, allowing attackers to execute attacks simply by enticing victims to visit a harmful site.

Source: https://www.bleepingcomputer.com/news/security/new-apple-cpu-side-channel-attack-steals-data-from-browsers/