Summary: Researchers have uncovered two new speculative execution attacks, SLAP and FLOP, specifically targeting Apple Silicon processors. These attacks exploit the processors’ Load Address and Load Value Predictors to potentially leak sensitive information such as emails and credit card details. While Apple has acknowledged these findings, they assert that there is no immediate risk to users, and recommendations include disabling JavaScript in Safari as a temporary measure.
Affected: Apple Silicon processors (M2 and A15)
Keypoints :
- SLAP exploits the Load Address Predictor to guess wrong and leak sensitive data.
- FLOP uses the Load Value Predictor to bypass memory safety and extract personal information.
- Apple downplays immediate risks, suggesting users can temporarily disable JavaScript in Safari as a preventive measure.