Unveiling the Apple Processor Flaw: Your Mac and iPhone at Risk

Tech
By 24matins.uk published 30 January 2025 at 17h51, updated on 30 January 2025 at 17h51.
Tech

Mac and iPhone users should be cautious as Apple processors are susceptible to attacks that could lead to the theft of sensitive information.

Security Flaws Identified in Apple Processors

Researchers from the Georgia Institute of Technology and Ruhr University Bochum have uncovered new vulnerabilities in Apple processors, named FLOP (False Load Output Prediction) and SLAP (Speculative Load Address Prediction). These flaws are notably similar to the “iLeakage” vulnerabilities identified in October 2023.

Remote Attacks without Physical Access

Alarmingly, these vulnerabilities can be exploited remotely without physical access to the device. Simply visiting a malicious website can lead to the theft of sensitive information. These attacks exploit mechanisms designed to speed up data processing by predicting future instructions, leaving memory traces that can be used to extract sensitive information.

FLOP and SLAP: Two Disturbing New Vulnerabilities

FLOP allows attackers to access sensitive data if data prediction is incorrect, using a cache timing attack while the processor is in an erroneous state. Researchers were able to extract information from a Proton Mail account, steal Google Maps location history, and retrieve private events from an iCloud calendar.

SLAP, on the other hand, enables attackers to “train” a processor to anticipate a specific memory access pattern, then suddenly alter the layout. This results in the reading and processing of sensitive data by the processor, which the attack exploits through cache timing and other side channels to reconstruct. This method was used to retrieve Gmail inbox data, Amazon orders, and Reddit user activity and browsing data.

Apple Aware But No Solution Yet

Despite reporting these vulnerabilities to Apple in March and September of the previous year, the company has yet to provide a fix. Although Apple acknowledged the proof of concept and plans to address the issue, they told Bleeping Computer: “Based on our analysis, we do not believe this issue poses an immediate risk to our users.”

Nevertheless, it is still recommended to keep your Apple devices updated and secure, including using the best antivirus solutions for Mac.