A team of security researchers has disclosed new side-channel vulnerabilities in modern Apple processors that could steal sensitive information from web browsers.
The Georgia Institute of Technology and Ruhr University Bochum researchers, who presented another attack dubbed '
iLeakage' in October 2023, presented their new findings in two separate papers, namely FLOP and SLAP, which show distinct flaws and ways to exploit them.
The flaws stem from faulty speculative execution implementation, the underlying cause of notorious attacks like Spectre and Meltdown.
The FLOP and SLAP side-channel attacks target features aimed at speeding up processing by guessing future instructions instead of waiting for them can leave traces in memory to extract sensitive information.
"Starting with the M2/A15 generation, Apple CPUs attempt to predict the next memory address that will be accessed by the core," explained the researchers to BleepingComputer.
"Moreover, starting with the M3/A17 generation, they attempt to predict the data value that will be returned from memory. However, mispredictions in these mechanisms can result in arbitrary computations being performed on out-of-bounds data or wrong data values."
These mispredictions can have real-world security implications, such as escaping the web browser sandbox and reading cross-origin personally identifiable information on Safari and Chrome, as demonstrated in the two papers.
The attacks are executed remotely through a web browser using a malicious webpage containing JavaScript or WebAssembly code designed to trigger them.
The researchers disclosed the flaws to Apple on March 24, 2024 (SLAP) and September 3, 2024 (FLOP).
Apple acknowledged the shared proof-of-concept and stated it plans to address the issues. However, at the time of writing, the flaws remain unmitigated.
