SLAP and FLOP browser vulnerabilities threaten nearly every Apple device since 2021 – Macworld

Fresh off the fix of a zero-day vulnerability in iPhones, iPads, Macs, and other devices, security researchers at the Georgia Institute of Technology have revealed a pair of vulnerabilities that affect all of Apple’s modern devices.
First reported at BleepingComputer, these are side-channel attacks in which special code on a website steals data from other web sessions. A malicious site could, for example, see your location data from a Google Maps tab, or unencrypted email from an open browser tab that is logged in to your secure email account. Banking info, login info, purchase history—there are lots of potential targets.
Most modern browsers “sandbox” web sessions, so that one browser tab or window can’t access the data from other tabs/windows. The SLAP and FLOP vulnerabilities exploit features of the latest Apple processors to get around this sandboxing.
The M2 and A15 generation of processors (and later) have a feature called Load Address Prediction (LAP), which tries to predict the memory address of the next memory request in order to prefetch it and speed things up. SLAP (Speculation Attacks via Load Address Prediction) first falsely “trains” that predictive algorithm and then uses that to pull targeted data from other browser processes.
SLAP seems to work only in Safari.
Starting with the M3/A17 generation of processors, Apple goes a step further than loading data from predicted memory addresses. They have a feature called Load Value Predictor (LVP), which guesses what the value will be from a memory request. It’s all to help the processor run faster by not having to wait around for data to come from memory.
FLOP (False Load Output Predictions) issues instructions that return the same values all the time to “trick” the predictor into expecting a certain value even when the data has changed, and that lets attackers execute code on “incorrect” data values.
FLOP works in Safari and Chrome.
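The value prediction described above can be pictured with a simplified software model. This is an added illustration, not code from the researchers or from Apple; the table layout, the confidence threshold and the addresses are assumptions chosen to make the behavior visible.

```python
# Toy software model of a load value predictor (LVP). Not Apple's design:
# the confidence threshold and table layout are assumptions for illustration.
from dataclasses import dataclass

CONFIDENCE_THRESHOLD = 3  # assumed: repeats needed before the LVP predicts


@dataclass
class Entry:
    value: int
    confidence: int = 0


class LoadValuePredictor:
    def __init__(self):
        self.table = {}  # keyed by the address of the load instruction (pc)

    def predict(self, pc):
        """Return a predicted value, or None if the predictor is not confident."""
        e = self.table.get(pc)
        return e.value if e and e.confidence >= CONFIDENCE_THRESHOLD else None

    def update(self, pc, actual):
        """Train on the value that memory really returned."""
        e = self.table.get(pc)
        if e and e.value == actual:
            e.confidence += 1
        else:
            self.table[pc] = Entry(actual)  # new value: confidence resets to 0


def run_load(lvp, pc, memory, addr):
    """Simulate one load: (speculative_value, committed_value, squashed)."""
    predicted = lvp.predict(pc)
    actual = memory[addr]  # the slow, real memory read
    lvp.update(pc, actual)
    squashed = predicted is not None and predicted != actual
    # Dependent instructions ran on `predicted` until the real value arrived.
    return predicted, actual, squashed


def demo():
    """Constructed scenario: five identical loads, then the data changes."""
    lvp, memory, pc, addr = LoadValuePredictor(), {0x1000: 7}, 0x400, 0x1000
    trace = [run_load(lvp, pc, memory, addr) for _ in range(5)]
    memory[addr] = 99                              # the data changes
    trace.append(run_load(lvp, pc, memory, addr))  # stale value is predicted
    trace.append(run_load(lvp, pc, memory, addr))  # predictor has been reset
    return trace
```

In the sixth load the committed result is the correct 99, but the work that briefly ran on the stale 7 is the “incorrect” data window the article refers to.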
The researchers say the following Apple devices have the hardware necessary to execute these flaws.
The Georgia Institute of Technology researchers say there is no evidence that either SLAP or FLOP has been used in the wild. Similarly, Apple told BleepingComputer, “Based on our analysis, we do not believe this issue poses an immediate risk to our users.”
Yes, but it appears to be taking some time. The researchers disclosed SLAP to Apple on May 24, 2024, and FLOP on September 3, 2024. Apple has released numerous updates since that time without fixing the issue here.
You can read more about these exploits and see test demonstrations of them in action at the SLAP and FLOP site set up by the Georgia Institute of Technology researchers.
Jason has written about technology for more than 25 years – first in the gaming press, then focusing on enthusiast PCs and general technology. He enjoys learning how complicated technology works and explaining it in a way anyone can understand.