The vulnerabilities affect the CPUs in later generations of Apple A- and M-series chipsets, opening them to side-channel attacks, a class of exploit that infers secrets by measuring manifestations such as timing, sound, and power consumption.
A team of security experts from the University of Georgia found the flaws and wrote a detailed report.
They wrote that both side channels result from the chips' use of speculative execution, a performance optimisation that improves speed by predicting the control flow the CPUs should take and following that path rather than the instruction order in the program.
The researchers published a list of mitigations they believe will address the vulnerabilities allowing FLOP and SLAP attacks.
FLOP, short for Faulty Load Operation Predictor, exploits a vulnerability in the Load Value Predictor (LVP) found in Apple's A- and M-series chipsets. By inducing the LVP to predict incorrect memory values during speculative execution, attackers can access sensitive information such as location history, email content, calendar events, and credit card details.
This attack works on Safari and Chrome browsers and affects devices including Macs (2022 onward), iPads, and iPhones (September 2021 onward). FLOP requires the victim to interact with an attacker's page while logged into sensitive websites, making it highly dangerous due to its broad data access capabilities.
SLAP stands for Speculative Load Address Predictor and targets the Load Address Predictor (LAP) in Apple silicon, exploiting its ability to predict memory locations. By forcing LAP to mispredict, attackers can access sensitive data from other browser tabs, such as Gmail content, Amazon purchase details, and Reddit comments.
Unlike FLOP, SLAP is limited to Safari and can only read memory strings adjacent to the attacker's own data. It affects the same range of devices as FLOP but is less severe due to its narrower scope and browser-specific nature. SLAP demonstrates how speculative execution can compromise browser process isolation.
The boffins said Apple officials have privately indicated that they plan to release patches. However, Apple has denied this, saying the problem does not "pose an immediate risk to our users" who are protected by their faith in Steve Jobs.