Summary: Researchers from Georgia Institute of Technology and Ruhr University Bochum have identified two new side-channel attacks on Apple silicon, known as SLAP and FLOP, which could compromise sensitive information in web browsers. These vulnerabilities exploit flaws in speculative execution techniques, potentially allowing adversaries to access user data through browser leaks. Apple has been informed about these issues in May and September 2024.
Affected: Apple Silicon (M2, M3, A15, A17 chips), Safari, Google Chrome
Keypoints :
- SLAP targets the Load Address Predictor (LAP) in M2 and A15 chips, enabling potential data retrieval from out-of-bounds memory.
- FLOP affects M3 and newer chips, exploiting the Load Value Predictor (LVP) to bypass memory safety checks and leak sensitive user information.
- These vulnerabilities extend the risk of previous attacks, such as iLeakage and SysBumps, illustrating the ongoing challenges with speculative execution security.
Source: https://thehackernews.com/2025/01/new-slap-flop-attacks-expose-apple-m.html