January 31, 2025

New Apple CPU side-channel attacks steal data from browsers – BleepingComputer

A team of security researchers has disclosed new side-channel vulnerabilities in modern Apple processors that could be used to steal sensitive information from web browsers.

The Georgia Institute of Technology and Ruhr University Bochum researchers, who presented another attack dubbed ‘iLeakage’ in October 2023, presented their new findings in two separate papers, namely FLOP and SLAP, which show distinct flaws and ways to exploit them.

The flaws stem from faulty speculative execution implementation, the underlying cause of notorious attacks like Spectre and Meltdown.

The FLOP and SLAP side-channel attacks target features aimed at speeding up processing by guessing future instructions instead of waiting for them, which can leave traces in memory that can be used to extract sensitive information.

“Starting with the M2/A15 generation, Apple CPUs attempt to predict the next memory address that will be accessed by the core,” explained the researchers to BleepingComputer.

“Moreover, starting with the M3/A17 generation, they attempt to predict the data value that will be returned from memory. However, mispredictions in these mechanisms can result in arbitrary computations being performed on out-of-bounds data or wrong data values.”

These mispredictions can have real-world security implications, such as escaping the web browser sandbox and reading cross-origin personally identifiable information on Safari and Chrome, as demonstrated in the two papers.

The attacks are executed remotely through a web browser using a malicious webpage containing JavaScript or WebAssembly code designed to trigger them.

The researchers disclosed the flaws to Apple on March 24, 2024 (SLAP) and September 3, 2024 (FLOP). Apple acknowledged the shared proof-of-concept and stated it plans to address the issues.
However, at the time of writing, the flaws remain unmitigated.

“We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats,” Apple told BleepingComputer.

“Based on our analysis, we do not believe this issue poses an immediate risk to our users.”

The first paper describes False Load Output Prediction (FLOP), a problem with Apple’s latest M3, M4, and A17 processors, which predict not just the memory addresses they will access but even the actual values stored in memory.

If those Load Value Prediction (LVP) guesses are wrong, incorrect data is used for temporary computations, which attackers can exploit to leak sensitive information.

The researchers demonstrated the FLOP attack by tricking Apple’s M3 CPU into making wrong guesses after training it via an execution loop that loads a specific constant value and then triggers a misprediction.

While the CPU remains in this incorrect state, it leaks data through a cache timing attack.
This leak lasts long enough for the researchers to measure memory access times and deduce the secret value before the CPU corrects itself.

Through FLOP, the researchers demonstrated escaping Safari’s sandbox, retrieving sender and subject information from a Proton Mail inbox, stealing Google Maps location history, and recovering private events from iCloud Calendar.

The second paper describes Speculative Load Address Prediction (SLAP), which impacts Apple’s M2 and A15 processors, and many of the later models.

Unlike FLOP, which concerns guessing what value a memory load will return, SLAP concerns the prediction of the memory address that will be accessed next, called Load Address Prediction (LAP).

An attacker can “train” the CPU to anticipate a specific memory access pattern, then manipulate it into accessing secret data by abruptly altering the memory layout, causing the following prediction to point to the secret.

The CPU, trusting its prediction, reads and processes the sensitive data before realizing and correcting the mistake, allowing an attacker to exploit cache timing or other side channels to infer the leaked data.

By executing the SLAP attack repeatedly, the attacker can reconstruct stolen information, such as Gmail inbox data, Amazon orders and browsing data, and Reddit user activity.

The FLOP and SLAP attacks are significant due to their impact on modern and widely used hardware and because they can be executed remotely without requiring physical access.

A victim would just need to visit a malicious website for the secrets to leak, bypassing browser sandboxing, ASLR, and traditional memory protections.

The scripts used in the demo websites execute a sequence of memory loads designed to manipulate Apple’s FLOP and SLAP, so no malware infection is required.
Modern browsers allow advanced computation, effectively serving as attack tools in this case.

Until security updates from Apple are made available, a possible mitigation would be to turn off JavaScript in Safari and Chrome, though this is expected to break many websites.
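
The mispredictions described above can be illustrated with a toy software model; this is an added example, not code from the article or the researchers' papers. `ToyCore`, `THRESHOLD`, `lvpDemo`, `lapDemo`, the stride-based address predictor and the sample addresses are all assumptions made for illustration, and no timing is measured.

```javascript
// Added toy model: the threshold and table layout are assumptions for
// illustration, not Apple's actual predictor design. No timing is measured.
const THRESHOLD = 4; // assumed confidence needed before a prediction is used

class ToyCore {
  constructor(memory) {
    this.mem = memory;    // Map: address -> value
    this.lvp = new Map(); // load PC -> { value, conf }        (value predictor)
    this.lap = new Map(); // load PC -> { addr, stride, conf } (address predictor)
  }
  // One load at `pc` from `addr`: returns the value dependent instructions
  // consumed transiently and the value that finally retired.
  load(pc, addr) {
    const actual = this.mem.get(addr);
    const v = this.lvp.get(pc), a = this.lap.get(pc);
    let transient = null, source = null;
    if (v && v.conf >= THRESHOLD) { transient = v.value; source = "LVP"; }
    else if (a && a.conf >= THRESHOLD) {
      transient = this.mem.get(a.addr + a.stride); source = "LAP";
    }
    // Train both predictors on the resolved load.
    if (v && v.value === actual) v.conf++;
    else this.lvp.set(pc, { value: actual, conf: 0 });
    if (a && addr - a.addr === a.stride) { a.addr = addr; a.conf++; }
    else this.lap.set(pc, { addr, stride: a ? addr - a.addr : 0, conf: 0 });
    return { architectural: actual, transient, source,
             squashed: source !== null && transient !== actual };
  }
}

// FLOP-style case: a load returns the same constant, then the value changes.
function lvpDemo() {
  const core = new ToyCore(new Map([[0x100, 7]]));
  for (let i = 0; i < 5; i++) core.load(0xA, 0x100); // training loop
  core.mem.set(0x100, 99);                           // value no longer matches
  return core.load(0xA, 0x100);
}

// SLAP-style case: strided loads, then a load that breaks the pattern while
// the predicted next address holds unrelated data (constructed placeholder).
function lapDemo() {
  const mem = new Map([[0x130, "UNRELATED-DATA"]]);
  for (let i = 0; i < 6; i++) mem.set(0x100 + 8 * i, i);
  const core = new ToyCore(mem);
  for (let i = 0; i < 6; i++) core.load(0xB, 0x100 + 8 * i);
  return core.load(0xB, 0x100);
}

console.log(lvpDemo(), lapDemo());
```

In both cases the architectural result is correct and the transient value is discarded, which is why the leak depends on a side channel such as cache timing rather than on any visible program state.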

Source: https://www.bleepingcomputer.com/news/security/new-apple-cpu-side-channel-attack-steals-data-from-browsers/
