Researchers from Georgia Tech and Ruhr University Bochum discovered two new speculative execution attacks, SLAP and FLOP, affecting Apple Silicon chips (M2/A15 and later). These flaws exploit processor optimizations, allowing attackers to steal sensitive data like emails, locations, and browsing history.
New Apple SLAP & FLOP Attacks
The SLAP attack exploits the Load Address Predictor (LAP) in Apple CPUs, starting with the M2 and A15 chips. LAP improves performance by predicting which memory addresses will be accessed next.
However, when it makes incorrect predictions, it can trigger speculative execution, which processes data before confirming access permissions.
This flaw allows attackers to manipulate predictions, accessing restricted memory and leaking sensitive data such as passwords or private user information.
The researchers demonstrated SLAP's risk by using JavaScript to extract emails and browsing data from the Proton Mail web interface in Safari, proving how speculative execution can expose sensitive information.
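The address-prediction behaviour described above can be illustrated with a small software model. This is an added example, not code from the researchers or from Apple: the stride-and-confidence design, the `forward_predicted` switch and every name in it are assumptions chosen for illustration, and the memory contents and trace are constructed.

```python
# Toy model (added example): a stride-based load address predictor.
# The stride/confidence design and all names are assumptions, not Apple's LAP.

class LoadAddressPredictor:
    def __init__(self, threshold=3):
        self.last = None        # last address this load instruction used
        self.stride = None      # most recent address delta
        self.confidence = 0     # consecutive times the same stride repeated
        self.threshold = threshold

    def predict(self):
        """Return a predicted next address once the stride looks stable."""
        if self.confidence >= self.threshold:
            return self.last + self.stride
        return None

    def update(self, addr):
        """Train on the address the load actually resolved to."""
        if self.last is not None:
            stride = addr - self.last
            if stride == self.stride:
                self.confidence += 1
            else:
                self.stride, self.confidence = stride, 0
        self.last = addr


def replay(memory, trace, forward_predicted=True):
    """Replay a load-address trace; return (predicted, actual, transient_byte)
    for each misprediction whose predicted address was read speculatively."""
    lap, transient = LoadAddressPredictor(), []
    for actual in trace:
        predicted = lap.predict()
        wrong = predicted is not None and predicted != actual
        # forward_predicted=False models a hypothetical core that waits for the
        # real address instead of forwarding data from the predicted one.
        if wrong and forward_predicted and 0 <= predicted < len(memory):
            transient.append((predicted, actual, memory[predicted]))
        lap.update(actual)   # architectural state always uses the real address
    return transient


# Constructed sample: 8 bytes the code may read, followed by 8 it never reads.
MEMORY = b"PUBLIC__SECRET!!"
# Constructed trace: a loop walks offsets 0..7, then restarts at offset 0.
TRACE = list(range(8)) + [0]

if __name__ == "__main__":
    for predicted, actual, byte in replay(MEMORY, TRACE):
        print(f"predicted {predicted}, actual {actual}, transient byte {chr(byte)!r}")
```

In the model, the only byte touched outside the public region is the one at the mispredicted address, and it is touched only while the predictor's guess is still being trusted.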
The FLOP attack targets the Load Value Predictor (LVP) in Apple’s M3 and A17 chips, which speculatively predicts data values before computation.
If mispredicted, speculative execution can bypass security checks. Researchers exploited this flaw in Safari and Chrome, extracting sensitive data like location history, calendar events, and payment details. FLOP’s ability to bypass memory protections highlights its severity, as demonstrated in real-world tests.
SLAP and FLOP attacks exploited speculative execution to extract hidden text from memory on Apple’s M2 and M3 CPUs. Researchers reconstructed passages from The Great Gatsby and Harry Potter by manipulating prediction mechanisms.
These flaws expose security risks in modern CPU optimizations. Apple has yet to respond, but patches are expected. The research, backed by institutions like AFOSR and DARPA, calls for a rethink of speculative execution in secure computing.