Recent research from the Georgia Institute of Technology and Ruhr University Bochum has uncovered two new side-channel vulnerabilities in Apple’s latest M and A series CPUs. These vulnerabilities, dubbed SLAP (Speculative Load Address Prediction) and FLOP (False Load Operation Prediction), could potentially allow attackers to extract sensitive information when users browse the web using popular browsers like Chrome and Safari.


What Are Side-Channel Attacks?

Side-channel attacks exploit unintended information leaks from a system’s hardware or software. Instead of attacking security defenses directly, hackers analyze indirect signals like timing data, power consumption, or speculative execution patterns to infer confidential data.


How SLAP and FLOP Work

The SLAP and FLOP vulnerabilities target Apple’s CPUs’ speculative execution mechanisms, which are designed to improve performance by predicting and pre-loading data before it is needed. However, these speculative processes can expose unintended information, allowing attackers to infer data that should remain private.


While the technical details of these vulnerabilities are complex, the primary concern is that they could be used to track users and extract sensitive data such as login credentials, encryption keys, and browsing habits.


Impact on Apple Users

These vulnerabilities emphasize the ongoing challenge of balancing performance and security in modern CPU designs. With Apple’s chipsets being widely used across iPhones, iPads, and Macs, the potential risk is significant, especially if exploited by malicious actors in the wild.


Apple’s Response and Mitigation Measures

Apple has not yet issued an official statement regarding SLAP and FLOP, but given the company’s history of responding to security threats, it is likely working on patches to mitigate the risks.


How to Protect Yourself

While waiting for Apple’s security updates, users can take the following precautions to minimize risk:


  • Keep Software Updated Ensure that your macOS, iOS, and browsers (Safari, Chrome, etc.) are regularly updated to receive the latest security patches.
  • Use Secure Browsing Practices: Avoid visiting untrusted websites and clicking on suspicious links.
  • Enable Security Features: Consider using features like browser sandboxing and privacy-focused extensions to limit potential exposure.
  • Monitor Official Updates: Follow Apple’s security bulletins and trusted cybersecurity news sources for updates on potential fixes.


Final Thoughts

The discovery of SLAP and FLOP highlights the ever-evolving landscape of cybersecurity threats. As CPU manufacturers continue to push the boundaries of performance, new vulnerabilities may emerge. Staying informed and practicing good cybersecurity hygiene remains the best defense against such threats.


For now, Apple users should remain vigilant, keep their systems updated, and await Apple’s official response regarding these newly discovered vulnerabilities.