It has been discovered that Apple's A and M chips have a vulnerability that allows confidential data to be leaked when accessing Gmail or iCloud calendar through a browser

It has been revealed that some of the systems-on-chip (SoCs) installed in iPhones, iPads, and Macs contain vulnerabilities that could allow a specific attacker to leak credit card information, location information, and other sensitive data from Chrome and Safari browsers. Apple has confirmed the vulnerability reports from researchers, but has not addressed them, saying that they 'do not pose an immediate risk to users.'
SLAP and FLOP
New Apple CPU side-channel attacks steal data from browsers
https://www.bleepingcomputer.com/news/security/new-apple-cpu-side-channel-attack-steals-data-from-browsers/
Apple chips can be hacked to leak secrets from Gmail, iCloud, and more - Ars Technica
https://arstechnica.com/security/2025/01/newly-discovered-flaws-in-apple-chips-leak-secrets-in-safari-and-chrome/
The vulnerability affects later generations of Apple's 'A' and 'M' series SoCs. The Georgia Tech researchers who discovered the vulnerability devised two attack methods, 'SLAP' and 'FLOP,' and used them to describe it.
Both SLAP and FLOP are attacks that exploit a CPU performance improvement feature called 'speculative execution.' Speculative execution is a feature that speeds up processing by executing multiple instructions simultaneously. To improve performance, the CPU predicts the most likely branch destination of an instruction and executes instructions in advance based on that prediction. It is called speculative execution because it speculatively predicts and executes instruction branching.
SLAP is an attack that affects M2/A15 and newer chips.
M2/A15 and later chips are equipped with a 'load address prediction (LAP)' function that improves performance by allowing the CPU to predict the next memory address to retrieve data from based on past memory access patterns. However, if the LAP prediction is incorrect, the CPU will perform calculations on out-of-bounds data that should not have been accessed under speculative execution, which could allow an unprivileged remote attacker to recover email contents and browsing history via the Safari browser.
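A toy model of the LAP misprediction described above, as an added example that is not from the article or the researchers. The stride heuristic, confidence threshold, and addresses are assumptions made for illustration, not Apple's actual predictor design.

```python
"""Toy model of load address prediction (LAP); all values are constructed."""

class StrideLAP:
    """Predicts the next load address as last address + learned stride.
    The stride heuristic and threshold are assumptions of this model."""
    def __init__(self, threshold=3):
        self.last = None
        self.stride = None
        self.confidence = 0
        self.threshold = threshold

    def predict(self):
        # Only predict once the same stride has repeated often enough.
        if self.confidence >= self.threshold:
            return self.last + self.stride
        return None

    def update(self, addr):
        if self.last is not None:
            stride = addr - self.last
            if stride == self.stride:
                self.confidence += 1
            else:
                self.stride, self.confidence = stride, 0
        self.last = addr

def run_loads(memory, base, length, addresses):
    """Replay loads; return (committed values, out-of-bounds speculative touches)."""
    lap, committed, oob_touched = StrideLAP(), [], []
    for addr in addresses:
        guess = lap.predict()
        if guess is not None and guess != addr:
            # Misprediction: the speculative load used `guess` before being squashed.
            if not (base <= guess < base + length):
                oob_touched.append(guess)
        committed.append(memory[addr])  # architectural result uses the real address
        lap.update(addr)
    return committed, oob_touched

def demo():
    # Constructed memory: an 8-entry array at 0x100..0x107, unrelated data at 0x108.
    memory = {0x100 + i: i for i in range(8)}
    memory[0x108] = 0xAA  # stands in for data the code never requests
    # A sequential walk trains the predictor, then the access wraps to the start.
    addresses = [0x100 + i for i in range(8)] + [0x100]
    return run_loads(memory, 0x100, 8, addresses)

if __name__ == "__main__":
    print(demo())
```

The committed values are exactly what the program asked for, yet the mispredicted load transiently touched the address just past the array, which is the out-of-bounds access the paragraph describes.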

FLOP is an attack that affects M3/A17 and newer chips.
M3/A17 and later chips include a 'load value prediction (LVP)' feature that allows CPU cores to guess data values returned by the memory subsystem before they are actually available, improving data-dependent performance. If LVP guesses incorrectly, the CPU will perform calculations on inaccurate data under speculative execution, which bypasses important checks that ensure memory safety and opens an attack vector to leak sensitive data stored in memory. This could allow attackers to recover location history, calendar events, and credit card information through Safari and Chrome browsers.

Researchers from Georgia Tech say the following devices are affected:
- Mac laptops from 2022 onwards (MacBook Air, MacBook Pro)
- Mac desktops from 2023 onwards (Mac Mini, iMac, Mac Studio, Mac Pro)
- iPad Pro, iPad Air, and iPad Mini released after September 2021
- iPhones released after September 2021 (iPhone 13, iPhone 14, iPhone 15, iPhone 16, iPhone SE 3rd generation)
The researchers say other manufacturers' chips are suspected to use LVP and LAP and may be vulnerable to similar attacks, and they do not know whether other browsers, such as Firefox, are affected because their research did not test them.
The researchers notified Apple of SLAP on May 24, 2024, and FLOP on September 3, 2024, and Apple responded that it 'plans to address the issue.' However, according to technology media Bleeping Computer, Apple issued a statement saying, 'Based on our analysis, we do not believe this issue poses an immediate risk to users,' and 'This proof of concept has deepened our understanding of the threat. We would like to thank the researchers for their collaboration.'