Search
Search
Published: February 1, 2025 | Author: Mark Campbell

FLOP and SLAP side-channel attacks uncovered in Apple Silicon CPUs

Researchers uncover vulnerabilities in Apple Silicon CPUs that can enable web-based attacks

Researchers at the Georgia Institute of Technology and Ruhr University Bochum have uncovered two new vulnerabilities in Apple’s “Apple Silicon” processors, impacting both their A-series and M-series chips. These vulnerabilities could lead to web browser-based attacks on Apple Silicon devices, allowing attackers to steal sensitive information.

These new attacks are called “SLAP” and “FLOP”, with the former impacting Apple M2/A15 CPUs and newer and the latter impacting Apple M3/A17 processors and newer. With SLAP, researchers demonstrated real-world security risks with an end-to-end attack using the Safari browser. With FLOP, they were able to demonstrate vulnerabilities using both the Safari and Chrome web browsers.

(New Apple Side-Channel Attacks – from predictors.fail)

These side-channel attacks exploit speculative execution mechanisms and their faults, making these attack vectors similar to the infamous Spectre and Meltdown vulnerabilities.

As of now, Apple has not released any security updates to address these vulnerabilities. Researchers have suggested turning off JavaScript in Safari and Chrome as a potential mitigation. However, this fix will break many websites.

In a statement to Bleeping Computer, Apple has released the following statement;

We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats. Based on our analysis, we do not believe this issue poses an immediate risk to our users.

– Apple

Currently, these attack vectors appear only to have been exploited by researchers. As such, users of Apple Silicon products are safe from these attacks. Regardless, it is only a matter of time before malicious actors exploit SLAP and FLOP. Apple needs to update their devices to mitigate these issues and do it quickly. Hopefully, these fixes will not have a performance penalty for Apple’s users.

You can join the discussion on Apple’s side-channel CPU vulnerabilities on the OC3D Forums.

Mark Campbell

Mark Campbell

A Northern Irish father, husband, and techie that works to turn tea and coffee into articles when he isn’t painting his extensive minis collection or using things to make other things.

Follow Mark Campbell on Twitter
View more about me and my articles.

Latest News

Uh-oh! It looks like you're using an ad blocker.

OC3D relies on ads to provide free content and sustain our operations. By white listing us on your ad blocker, you help support us and ensure we can continue offering valuable content without any cost to you. We only run our own hand picked ads from Industry brands like MSI, BeQuiet, Sapphire and PC-Specialist - meaning they are all relevent to the content you are reading.

We truly appreciate your understanding and support. Thank you for considering whitelisting OC3D