Excerpt from Forbes Article, Published on Jan 28, 2025.
Security researchers have uncovered two alarming vulnerabilities that could expose sensitive user data on Apple devices, including New Apple Mac, iPhone, and iPad models. The threats, known as FLOP and SLAP, target devices dating back to 2021 and are particularly concerning because they can be exploited remotely without requiring physical access to the device. The attacks were detailed in reports published by researchers Jason Kim, Jalen Chuang, Daniel Genkin, and Yuval Yarom from Georgia Institute of Technology and Ruhr University Bochum. FLOP and SLAP exploit side-channel vulnerabilities in Apple’s silicon chips, including M2, M3, A15 Bionic, and A17 Pro processors, allowing attackers to read sensitive data from popular browsers such as Chrome and Safari. This breach could expose information from services like Gmail and iCloud.
These vulnerabilities stem from speculative execution—a technique used by processors to boost performance by predicting future instructions. Unfortunately, this process leaves traces in memory, which can be exploited by hackers to access protected data. “SLAP and FLOP break these protections, allowing attacker pages to read sensitive log-in-protected data from target webpages,” researchers noted. Affected devices include New Apple MacBook Air and MacBook Pro models from 2022 onward, iPhones from the 13 series onward, and iPad Pro, Air, and Mini models released since September 2021.
While no immediate fix has been provided, Apple has acknowledged the issue and indicated plans for a future security update. “We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats. Based on our analysis, we do not believe this issue poses an immediate risk to our users,” said an Apple spokesperson. Until a patch is available, experts recommend maintaining updated software and exercising caution when accessing sensitive information on New Apple Mac, iPhone, and iPad devices to mitigate potential risks.
To delve deeper into this topic, please read the full article Forbes.
