Researchers from the Georgia Institute of Technology and Ruhr University Bochum have disclosed a vulnerability in Apple’s chip devices, allowing attackers to create specific content to extract data.
The reported vulnerabilities, known as SLAP (Data Speculation Attacks via Load Address Prediction on Apple Silicon) and FLOP (Breaking the Apple M3 CPU via False Load Output Predictions), exploit the technique of accelerating CPU processing speed by predicting the next data location, enabling attackers to pull data from inaccessible memory units if the prediction is incorrect. This method resembles the Spectre vulnerability from 2018.
These attacks can be carried out through web browsers with custom-crafted content to exploit this memory unit-level vulnerability. SLAP affects M2 and A15 chips, while FLOP targets M3, M4, and A17 chips. The vulnerable browsers are Safari and Chrome.
However, it is important to note that these vulnerabilities are theoretical at this point, with no reported attacks. Apple has acknowledged and appreciated the research team for reporting this issue, promising to release patches in the future. Currently, the situation is deemed to have no impact on users.
Source: Bleeping Computer
TLDR: Researchers discover vulnerabilities in Apple chips that could potentially allow attackers to extract data, but no known attacks have occurred and Apple is working on patches.
Leave a Comment