Summary: Researchers have identified two new CPU side-channel attacks, SLAP and FLOP, that could potentially compromise sensitive user data across several Apple devices, such as iPhones, iPads, and MacBooks. These attacks exploit CPU vulnerabilities via malicious websites to extract data like email content and location history. Although Apple has been informed about these vulnerabilities, the company believes they do not pose an immediate risk to users.
Affected: Apple devices (iPhones, iPads, MacBook, Mac desktops)
Keypoints :
- SLAP and FLOP attacks can target millions of Apple devices released since September 2021.
- SLAP exploits Load Address Predictor on M2 and A15 CPUs, while FLOP targets Load Value Predictor on M3, A17, and newer CPUs.
- Both attacks were demonstrated on Safari and Chrome browsers, showing potential data leaks through minimal user interaction.
- Devices using Intel, AMD, and Qualcomm processors are not impacted by these attacks.
Source: https://www.securityweek.com/new-slap-and-flop-cpu-attacks-expose-data-from-apple-computers-phones/