Source URL: https://it.slashdot.org/story/25/01/28/2140207/apple-chips-can-be-hacked-to-leak-secrets-from-gmail-icloud-and-more?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: Apple Chips Can Be Hacked To Leak Secrets From Gmail, ICloud, and More
Feedly Summary:
AI Summary and Description: Yes
Summary: The text discusses newly discovered vulnerabilities in Apple-designed chips that potentially leak sensitive data through side-channel attacks leveraging speculative execution. It highlights significant security issues that pose risks to user data in browsers, specifically targeting Safari and Chrome.
Detailed Description:
The vulnerabilities, known as FLOP and SLAP, are significant because they exploit flaws within Apple’s A- and M-series chipsets, affecting a range of devices including Macs, iPads, and iPhones. Here are the key points:
– **Vulnerabilities Identified**:
– FLOP (Faulty Load Operation Predictor): Targets the Load Value Predictor (LVP) and can leak sensitive information like location history and credit card details by predicting incorrect memory values during speculative execution.
– SLAP (Speculative Load Address Predictor): Focuses on the Load Address Predictor (LAP), able to access sensitive data from other browser tabs but is limited to Safari.
– **Mechanism**:
– Both vulnerabilities arise from the concept of speculative execution, where a CPU predicts control flow and executes instructions ahead of time for performance optimization. Attackers can infer sensitive data by measuring the CPU’s timing, sound, and power consumption during this process.
– **Affected Browsers and Devices**:
– Both vulnerabilities affect Safari and Chrome browsers, impacting devices such as Macs (from 2022 onwards), iPads, and iPhones (from September 2021 onwards).
– **Attack Viability**:
– FLOP requires user interaction with an attacker’s page while logged into sensitive websites, increasing the risk of exposure.
– SLAP is limited but can still be dangerous due to its ability to read adjacent memory strings.
– **Mitigations and Response**:
– Researchers proposed mitigations to address these vulnerabilities, and although Apple has not confirmed patch plans publicly, they have acknowledged the risks involved.
– **Implications**:
– These vulnerabilities underscore the risks associated with speculative execution and the potential for side-channel attacks in modern CPUs.
– For security professionals, this serves as a reminder to monitor firmware updates and implement security best practices in device management.
This finding emphasizes the critical need for ongoing vigilance in device security and robust response strategies against emerging threats, particularly in the realm of speculative execution and data protection.