
The latest Apple M3 chips are among the processors affected by the SLAP and FLOP vulnerabilities
Researchers from Georgia Institute of Technology and Ruhr University Bochum have uncovered two significant security vulnerabilities in Apple's latest processors, demonstrating how speculative execution attacks can compromise user data in popular web browsers.
The Discoveries
The research team has identified two distinct attacks, named SLAP (Speculation attacks via Load Address Prediction) and FLOP (False Load Output Predictions), which exploit new performance features in Apple's M2/A15 and M3/A17 processors respectively. These vulnerabilities allow malicious websites to potentially access sensitive information from other browser tabs, including email content and browsing history.
Understanding SLAP
SLAP targets Apple's Load Address Predictor (LAP), a feature introduced in M2/A15 processors to optimize data dependencies. The predictor attempts to guess future memory addresses based on previous access patterns, but this optimization creates a security vulnerability when predictions are incorrect.
"Unlike traditional Spectre attacks that exploit control flow predictions, SLAP demonstrates that data flow predictions can be equally dangerous," explains the research team. They successfully demonstrated the attack by recovering email content and browsing behavior from Safari users.
FLOP: A New Threat
The second vulnerability, FLOP, affects newer M3/A17 processors through their Load Value Predictor (LVP) feature. This mechanism attempts to predict data values before they're available from memory, but incorrect predictions can lead to security breaches. The research team demonstrated FLOP's effectiveness by creating attacks that could recover:
- Location history
- Calendar events
- Credit card information
- Browser data across both Safari and Chrome
Real-World Demonstrations
The researchers have provided several proof-of-concept demonstrations, including:
- Accessing Proton Mail inbox data through Safari
- Reading protected text content, including literary works
- Bypassing browser security measures
These demonstrations highlight the practical implications of these vulnerabilities in everyday scenarios.
Technical Impact
Unlike traditional security vulnerabilities that stem from software bugs, SLAP and FLOP exploit hardware-level features:
- SLAP affects systems with M2/A15 chips and newer
- FLOP impacts M3/A17 processors and their successors
- Both attacks can bypass process-level isolation
- The vulnerabilities affect major browsers including Safari and Chrome
Browser Security Implications
The research reveals particular concerns for browser security. While Chrome implements Site Isolation as a security measure, the team discovered that certain subdomains can still be merged into one process, creating attack vectors. Safari's lack of Site Isolation makes it particularly vulnerable to these attacks.
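A defender-side check for the subdomain merging described above, as an added example that is not code from the researchers or from any browser. It assumes process assignment is keyed by "site" (scheme plus registrable domain) and flags sites where a sensitive origin and an origin serving untrusted content would share that key. The suffix set, hostnames and role labels are constructed for illustration.

```javascript
// Added example. Assumption: a browser with Site Isolation keys renderer
// processes by "site" = scheme + registrable domain, not by full origin.

// CONSTRUCTED stand-in for the Public Suffix List; a real audit needs the full list.
const PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk", "github.io"]);

// Return the registrable domain (longest public suffix plus one label), or null.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null; // suffix not in our list
}

// Site key for a URL; falls back to the full origin when the suffix is unknown.
function siteKey(url) {
  const u = new URL(url);
  const domain = registrableDomain(u.hostname);
  return domain ? `${u.protocol}//${domain}` : u.origin;
}

// entries: [{ url, role }], role is "sensitive" or "untrusted" (hypothetical labels).
// Returns the sites where both roles are present under one site key.
function findSharedSites(entries) {
  const bySite = new Map();
  for (const { url, role } of entries) {
    if (role !== "sensitive" && role !== "untrusted") throw new Error(`bad role: ${role}`);
    const key = siteKey(url);
    if (!bySite.has(key)) bySite.set(key, { sensitive: [], untrusted: [] });
    bySite.get(key)[role].push(new URL(url).origin);
  }
  const findings = [];
  for (const [site, g] of bySite) {
    if (g.sensitive.length && g.untrusted.length) findings.push({ site, ...g });
  }
  return findings;
}

// CONSTRUCTED inventory of origins an organisation might operate.
const INVENTORY = [
  { url: "https://mail.example.com/inbox", role: "sensitive" },
  { url: "https://pages.example.com/u/123", role: "untrusted" },
  { url: "https://accounts.example.co.uk/", role: "sensitive" },
  { url: "https://alice.github.io/", role: "untrusted" },
  { url: "https://bob.github.io/", role: "sensitive" },
];
console.log(JSON.stringify(findSharedSites(INVENTORY), null, 2));
```

Origins under a public suffix such as the constructed `github.io` entry get distinct site keys, which is why only the `example.com` pair is reported.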
Looking Forward
The discoveries raise important questions about the balance between processor performance optimization and security. As manufacturers continue to implement aggressive performance improvements, the potential for similar vulnerabilities may increase.
The research will be presented at two major security conferences in 2025:
- SLAP at the IEEE Symposium on Security and Privacy
- FLOP at the USENIX Security Symposium
Research Impact
This work was supported by multiple research organizations and institutions, including the Air Force Office of Scientific Research, DARPA, and the Deutsche Forschungsgemeinschaft. The findings highlight the ongoing challenges in maintaining security while pushing the boundaries of processor performance.
The research team has made their proof-of-concept code available through GitHub and Zenodo, allowing other security researchers to verify and build upon their findings.