Even though researchers at the Georgia Institute of Technology and Ruhe University Bochum identified the ‘iLeakage’ side-channel vulnerabilities present in Apple's processors back in October 2023, and the company quickly found a way to mitigate those issues, these same researchers have now found two new vulnerabilities that act very similarly.
These new flaws, dubbed FLOP (False Load Output Prediction) and SLAP (Speculative Load Address Prediction), are CPU side-channel attacks that use speculative execution implementation to steal sensitive information from web browsers. Similar attacks were the underlying cause of Spectre and Meltdown in Intel's chips years ago. These new vulnerabilities are of particular concern both because they can be executed remotely without requiring any physical access to an Apple device and also because a potential victim would only need to visit a malicious website in order for their information to be leaked.
Both of these new vulnerabilities target features aimed at speeding up processing by guessing at future instructions. The speeding up can leave traces in memory which can be used to extract sensitive information. As explained by the researchers behind this new discovery to Bleeping Computer:
““Starting with the M2 and A15 generation, Apple’s CPUs attempt to predict the next memory address that will be accessed by the core. And starting with the M3 and A17 generation, they attempt to predict the data value that will be returned from memory. However, mispredictions in these mechanisms can result in arbitrary computations being performed on out-of-bounds data or wrong data values.”
In the case of FLOP, if the attempts to predict data is incorrect, attackers can exploit this to leak sensitive information. While the CPU remains in an incorrect state, it leaks data through a cache timing attack – during which the researchers were able to retrieve sender and subject information from a Proton Mail inbox, steal Google Maps location history and recover private events from an iCloud Calendar.
Using SLAP meanwhile, an attacker can ‘train’ a CPU to anticipate a specific memory access pattern and then manipulate it by abruptly altering the layout. This causes the CPU to read and process the sensitive data which allows the attack to exploit cache timing and other side channels to reconstruct it. This method has been used to retrieve Gmail inbox data, Amazon orders and browsing data and Reddit user activity.
While these new flaws were disclosed to Apple last year in March and September, and the company both acknowledged the proof of concept and planned to address the issue, they currently remain unmitigated. Apple has told BleepingComputer that they thank the researchers for their work, but “based on our analysis, we do not believe this issue poses an immediate risk to our users.”
Still though, it's always a good to keep your MacBook and other Apple devices up to date and running the latest software. Likewise, you should also be using one of the best Mac antivirus software solutions for extra protection from malware and other attacks.
