Researchers from the Technological Institute of Georgia and Roursk University Bochum have recently uncovered two new side attacks on Apple processors, known as SLAP and FLOP. These vulnerabilities exploit the prediction mechanisms present in the latest generation of Apple Silicon chips, including the M2/A15 and M3/A17 processors.
SLAP, short for Speculative Load Address Prediction, targets the Load Address Predictor (LAP) which helps speed up the processor by predicting future data requirements. However, inaccurate predictions can result in speculative calculations being performed on data that should not be accessible. This allows attackers to potentially access sensitive information such as email contents and browsing history from Safari.
FLOP, or False Load Output Prediction, leverages the Load Value Predictor (LVP) in Apple M3/A17 processors to predict which data will be loaded from memory before it is actually available. Mistakes in these predictions can enable attackers to bypass security measures and access confidential information like calendar records, location history, and even bank card details.
The researchers demonstrated the practical exploitation of these vulnerabilities by showing how an attacker could use a JavaScript code to access the contents of a Prouton Mail mailbox from a neighboring Safari browser tab. Furthermore, they were able to extract text from the Harry Potter book series without the program actually requesting it using the M3 CPU.
While Apple has not yet released official patches to address these vulnerabilities, it is anticipated that the company will rectify them in future software updates. In the meantime, users are advised to limit their use of web browsers that support JavaScript and remain vigilant about security updates.