Critical Security Flaws Found in Apple Silicon: SLAP and FLOP Attacks
Researchers have uncovered two critical security vulnerabilities, dubbed SLAP and FLOP, affecting Apple's M2/A15 and later chipsets. SLAP exploits incorrect guesses by the Load Address Predictor (LAP) during speculative execution to access out-of-bounds data, leaking sensitive information like email content and browsing history in Safari. FLOP leverages mispredictions by the Load Value Predictor (LVP) to bypass memory safety checks, stealing data such as location history, calendar events, and credit card information from Safari and Chrome. These attacks exploit speculative execution and affect most Apple devices released since 2022. Apple is aware and plans to address these issues in an upcoming security update; users are urged to keep their systems and apps updated.