Two Apple Silicon chip flaws could expose your private data to thieves

Posted in macOS, edited January 28

Apple's processors are fast because they predict what you'll need next, but when they guess wrong hackers can exploit those mistakes to steal your private data.

M3 MacBook Pro

Apple Silicon chips, like the M2 and M3, are designed to be some of the fastest in the world, powering iPads and Macs. Their strength is speculative execution, a feature that guesses what you'll need next to keep things running smoothly.

But new research shows this speed boost comes with a cost. When these guesses are wrong, they can create vulnerabilities that hackers could use to access sensitive information, like emails and credit card details.

SLAP & FLOP attacks

Researchers from the Georgia Institute of Technology have identified two new Apple Silicon security vulnerabilities in Apple's recent CPUs, named SLAP and FLOP. These attacks exploit features in the M2, M3, A15, and A17 chips that are supposed to improve performance.

The problem lies in how Apple's processors try to predict memory operations to speed up tasks. When these guesses are wrong, they accidentally open the door for hackers.

SLAP (speculative execution via Load Address Prediction) lets attackers access private data, like email content, by tricking the processor into using out-of-bounds memory. FLOP (False Load Output Prediction) goes even further, bypassing memory safety checks.

These aren't just theoretical attacks. The team demonstrated how SLAP could extract private emails from Safari and how FLOP could recover sensitive data like credit card details.

While there's no evidence of hackers exploiting these flaws in the wild yet, the potential is there.

Apple's next move

SLAP and FLOP are similar to other speculative execution attacks like Spectre and Meltdown, which caused widespread concerns a few years ago. The difference here is that they specifically target Apple's hardware.

SLAP, Data Speculation Attacks on Apple Silicon; FLOP, Breaking Apple M3 CPU via False Load Predictions. Image credit: Georgia Institute of Technology

Apple hasn't yet released a fix, but it's aware of the Apple Silicon vulnerabilities. The researchers who found SLAP and FLOP notified Apple about a year ago for one flaw, and about six months ago for the other.

However, the M4 chip was already well underway at that time. True fixes often require changes at the chip level, which can't happen until the next generation of processors.

Software updates might mitigate the problem.

What you can do to stay safe

If your Mac, iPhone, or iPad uses an M2, M3, A15, or A17 chip, it's vulnerable. That includes devices like the M2 MacBook Air, the iPhone 15 Pro, and the latest iPads. Older devices with M1 or earlier chips aren't impacted by these particular vulnerabilities, though they might face different risks.

Keep your devices updated with the latest software, including security patches. Avoid untrusted websites and disable JavaScript when not needed. Browser extensions that block scripts can also help.

Comments

  • Reply 1 of 6
    "...and disable JavaScript when not needed. Browser extensions that block scripts can also help." - anybody else find this advice useless? Seems to me that you wouldn't be able to use a high-level, interpreted language like Javascript to exploit a machine instruction level bug.
    edited January 28
  • Reply 2 of 6
    Marked safe with an M1 MacBook Air and an M1 iPad Air. BTW, they both still function wonderfully!
  • Reply 3 of 6
    twolf2919 said:
    "...and disable JavaScript when not needed. Browser extensions that block scripts can also help." - anybody else find this advice useless? Seems to me that you wouldn't be able to use a high-level, interpreted language like Javascript to exploit a machine instruction level bug.
    You can definitely use Javascript to escape the browser sandbox, potentially opening up a path to executing code outside of it.
  • Reply 4 of 6
    twolf2919 said:
    "...and disable JavaScript when not needed. Browser extensions that block scripts can also help." - anybody else find this advice useless? Seems to me that you wouldn't be able to use a high-level, interpreted language like Javascript to exploit a machine instruction level bug.
    One of their demo attacks is to use sandboxed JavaScript to read Proton email:

    We train the M3 CPU's LVP via sandboxed JavaScript code running inside WebKit (Safari's browsing engine). When the mouse cursor is over our demo webpage, our proof-of-concept opens Proton Mail's inbox in a new window, but uses the same process to render the inbox. This brings the inbox content into the address space, making it accessible with a sandbox escape. Finally, we use the LVP to craft an arbitrary read primitive to anywhere in this address space, recovering the sender and subject lines shown on the inbox page.

    from https://predictors.fail/

  • Reply 5 of 6
    dewme (Posts: 5,873, member)
    Re: "Their strength is speculative execution, a feature that guesses what you'll need next to keep things running smoothly."

    I suppose you're trying to present this in more broadly relatable terms, but to describe speculative execution as "guessing" is oversimplification. If you look up the word guessing you'll find something to the effect of "an estimate or supposition based on a lack of sufficient information." This does not apply to any of the performance optimization techniques and algorithms developed and implemented since the dawn of digital computing.

    The architectural fundamentals for how most digital computers work were developed early. Even then it was important to optimize those computers to best utilize the available resources provided by the underlying hardware. Soon thereafter when computers were actually put to work using programming languages (software in some form) it became very evident through observations, measurements, and statistical and probabilistic analysis that there were many additional ways to optimize both the hardware and software to get better performance and utilization.

    Said in simpler terms, once they started using computers they were able to observe and identify where the bottlenecks were and took steps to mitigate the bottlenecks that were found. Applying the theory of constraints, when the biggest bottleneck was squashed or reduced, another bottleneck rose to the top of the list and became the next target to mitigate. Lather, rinse, and repeat. This process has continued to this day. However, this has never been a whack-a-mole reaction because computer architects, engineers, and scientists gained much more understanding of how different design approaches led to bottlenecks and inefficiencies in the first place, some of which are constrained by the current fundamental architecture (Von Neumann architecture) of modern digital computers. Going after these challenges required the application of some very heavy mathematics.

    The mathematical basis and proofs for many of the hardware and software optimizations that have been introduced in the past few decades are solidly grounded in statistics, probability, set theory, prediction, physics, material science, etc. The mathematical core of engineering education used to be grounded mostly in algebra, calculus, differential equations, linear algebra, thermodynamics, electromagnetic theory, etc. It still is. Since the advent of digital computing and computer science, the mathematical grounding now includes probability, statistics, set theory, queuing theory, algorithms, data science, etc. This emphasis on probability and statistics has grown massively as computer engineering and computer science have advanced. It is no more evident than it is for the advancement of AI. The computer engineers and architects that design Apple's SoCs have to be firmly grounded in all of the above mathematical disciplines. But as we see here with SLAP and FLOP, they can and occasionally do still make mistakes.

    There is no guessing going on.
  • Reply 6 of 6
    Wow. Hopefully Apple's fix won't hurt performance too much.