AI summary:
The article discusses two new side-channel speculative execution attacks targeting Apple silicon, named SLAP and FLOP. These attacks were presented by security researchers from the Georgia Institute of Technology and Ruhr University Bochum.
- SLAP (Data Speculation Attacks via Load Address Prediction): Exploits Apple Silicon’s Load Address Predictor, potentially leaking information like emails and browsing history.
- FLOP (False Load Output Predictions): Exploits Apple Silicon’s Load Value Predictor, potentially leaking sensitive data like credit card information and location history.
Apple has acknowledged these vulnerabilities but stated they do not pose an immediate risk to users. The researchers have not observed these attacks in the wild yet. Users can mitigate risks by disabling JavaScript in Safari, though this may cause compatibility issues with websites
When modern CPUs execute instructions, they try to make a best guess as to what the next instruction or data it needs will be while it’s still executing the first, to speed things up so it doesn’t have to wait until the entire instruction execution cycle is complete to start retrieving the next one from memory. These exploits force it to guess wrong, potentially pulling sensitive data out of memory and making it accessible to processes which usually can’t access it.