American experts in the field of cybersecurity discovered two vulnerabilities present in all relevant iPhone, iPad and Mac devices, as well as in many models of previous generations. Vulnerability was assigned the names of SLAP and FLOP – these errors allow hypothetical attackers to view the contents of all tabs in browsers on devices.
Image source: apple.com
The vulnerabilities of SLAP (Speculation Attacks Via Load Address Prediction) and Flop (FALSE Load Output Predictions) appeared in the Apple A15 and M2 processors, as well as in later chips. Mistakes were revealed by researchers of the Georgia Technological Institute (USA). These vulnerabilities are similar to the previously discovered Spectre and Meltdown. They are associated with the technology of speculative execution – the processor is trying to predict future commands and uploads the data necessary for their implementation in advance. Having introduced incorrect data into this process, a hypothetical attacker gets the opportunity to read the contents of the memory that should not be available.
Each Safari browser tab is isolated – a site open on one tab cannot get data from what is open to the next. The vulnerability of SLAP, which can be operated by forcing the victim to visit the malicious site, opens up its owner access to any other Safari tab. This can be e -mail, location in Apple Maps, bank details and any other confidential information. Flop allows you to achieve the same result, but is a more dangerous error, since it works not only with Safari, but also with Chrome. It is not required to install malicious software on a computer – the attack is carried out using vulnerabilities in its own Apple code, and the probability of its detection is extremely small.
The threat is relevant for Apple iPhone 13, 14, 15, 16 and SE of the 3rd generation; iPad Air, Pro and Mini, starting with models of 2021; MacBook Air and Pro, starting with models of 2022; Mac Mini, Studio, Pro and IMAC, starting with 2023 models. Apple received a SLAP vulnerability notification in May, and Flop in September 2024. Currently, the company is working on error correction. Confirmation that vulnerability was operated by attackers in practice could not be found.
«Based on our analysis, we do not believe that this problem poses a direct threat to our users. Currently, there are no precautions that can be taken, with the exception of ordinary care when visiting websites, ”Bleeping Computer said in Apple.
Official documents shed light on some aspects of the construction of the Stargate campus in…
The Racing Arcade with the Open World forza Horizon 5 from the British studio PlayGround…
Researchers from the University of Linköping University received a patent for the technology of improved…
The Canadian Nesting Games Studio (belongs to the Digital Bros holding) through the IGN portal…
During December, gamers complained that the inclusion in the games of the HDR mode makes…
The Canadian startup XANADU, previously marked by joint work with NVIDIA on quantum simulators, reported…