Apple Chips Vulnerable to Hacking, Exposing Secrets from Gmail, iCloud, & Other

Recent security research has uncovered two significant vulnerabilities within Apple-designed chips that are utilized in a wide range of devices, including Macs, iPhones, and iPads. These vulnerabilities have the potential to leak sensitive information, such as credit card details and geographical locations, particularly when users access various websites through popular browsers like Chrome and Safari. Notably affected sites include iCloud Calendar, Google Maps, and Proton Mail, which are frequently visited by users who rely on these platforms for personal and professional purposes.

The vulnerabilities in question affect the central processing units (CPUs) found in the more recent generations of Apple’s A-series and M-series chipsets. These vulnerabilities expose the devices to a category of exploits known as side channel attacks. Such attacks are particularly insidious because they can infer private information by monitoring indirect indicators such as timing discrepancies, acoustic signals, and variations in power consumption. Both of the identified side channels stem from the chips’ implementation of a technique called speculative execution. This performance optimization strategy is designed to enhance processing speed by predicting the control flow of the CPU, allowing it to execute instructions in a presumed order rather than strictly adhering to the program’s original sequence.

Researchers have proposed a series of mitigation strategies aimed at addressing the vulnerabilities that enable two specific types of attacks: FLOP and SLAP. Apple representatives have indicated to the researchers, in private conversations, that they intend to release patches to mitigate these vulnerabilities. However, when approached for an official comment, an Apple spokesperson chose not to confirm any specific plans for such patches. Instead, the representative thanked the researchers for their collaboration, stating, “We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats.” The spokesperson further noted, “Based on our analysis, we do not believe this issue poses an immediate risk to our users.”

To delve deeper into the technical details, FLOP, which stands for Faulty Load Operation Predictor, exploits a specific vulnerability found in the Load Value Predictor (LVP) integrated into Apple’s A-series and M-series chipsets. By manipulating the LVP to inaccurately predict memory values during the process of speculative execution, attackers can potentially gain access to highly sensitive information. This may include personal data such as location history, email content, calendar events, and credit card information. The FLOP attack can be executed through both Safari and Chrome browsers and impacts a range of devices, including Macs manufactured from 2022 onward, as well as iPads and iPhones released since September 2021. A critical aspect of this attack is that it requires the victim to engage with a malicious webpage while simultaneously logged into sensitive accounts, which elevates the risk due to the extensive data access capabilities it affords the attacker.
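To make the misprediction described above concrete, the following added example (not code from the researchers or from Apple) simulates a textbook last-value predictor and marks the load on which dependent work runs on a stale value before being rolled back. The table layout, the confidence threshold of 3 and all names are assumptions for illustration, not details of Apple's LVP.

```python
from dataclasses import dataclass

CONFIDENCE_THRESHOLD = 3  # assumed: identical results needed before predicting


@dataclass
class Entry:
    value: int
    confidence: int = 0


class LoadValuePredictor:
    """Simplified last-value predictor, indexed by the load instruction's address."""

    def __init__(self):
        self.table = {}

    def predict(self, pc):
        e = self.table.get(pc)
        return e.value if e and e.confidence >= CONFIDENCE_THRESHOLD else None

    def train(self, pc, actual):
        e = self.table.get(pc)
        if e and e.value == actual:
            e.confidence += 1
        else:
            self.table[pc] = Entry(actual)  # new or changed value resets confidence


def run_loads(memory_values, pc=0x1000):
    """Replay one load instruction over successive memory values.

    Returns (predicted, actual, outcome) per load. 'squashed' means dependent
    instructions consumed the stale predicted value during the speculative
    window; the architectural result is rolled back once the real load returns.
    """
    lvp = LoadValuePredictor()
    trace = []
    for actual in memory_values:
        predicted = lvp.predict(pc)
        if predicted is None:
            outcome = "no-prediction"
        elif predicted == actual:
            outcome = "correct"
        else:
            outcome = "squashed"
        trace.append((predicted, actual, outcome))
        lvp.train(pc, actual)
    return trace


# Constructed input: the load returns 7 five times, then memory holds 99.
SAMPLE = [7, 7, 7, 7, 7, 99, 99]
```

In the sample run the sixth load is the interesting one: the predictor is confident in 7 while memory holds 99, so everything downstream briefly computes on 7, and the changed value resets confidence so the seventh load is not predicted at all.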

On the other hand, the SLAP vulnerability, short for Speculative Load Address Predictor, targets the Load Address Predictor (LAP) embedded in Apple’s silicon architecture. This exploit takes advantage of the LAP’s ability to predict memory locations, allowing attackers to force it into making incorrect predictions. By doing so, they can extract sensitive information from other browser tabs, which may include private details such as Gmail content, Amazon purchase histories, and Reddit comments. Unlike FLOP, the SLAP attack is confined to Safari and is capable of reading only memory strings that are adjacent to the attacker’s own data. While it affects the same range of devices as FLOP, its impact is considered less severe due to its more limited scope and the fact that it is restricted to a single browser. Nevertheless, SLAP illustrates a concerning vulnerability in how speculative execution can undermine the process isolation that is typically expected in web browsers.

In summary, these vulnerabilities present a notable risk to users of Apple devices, particularly those who frequently access sensitive information online. As the situation develops, it will be essential for Apple to respond effectively to safeguard its users from these emerging threats.

