Security gaps in processors are no longer just a problem for software manufacturers. Even hardware that is considered secure can have vulnerabilities that can be exploited by attackers. Two new gaps called FLOP and SLAP now affect Apple's M and A processors, which have impressed with their efficiency and performance in recent years. We will examine what lies behind these attack techniques and what risks they entail below.
The IT world was alarmed in 2018 by the Spectre and Meltdown security vulnerabilities, which showed how vulnerable even the hardware of modern computers and smartphones can be. These vulnerabilities exploited the speculative execution of program code, a technique designed to increase the performance of processors. FLOP and SLAP build on this concept and show that Apple's processors are not free of vulnerabilities either. The discovery of these new vulnerabilities makes it clear that hardware security remains a challenge that requires constant attention.
What are FLOP and SLAP?
FLOP and SLAP are security flaws that affect Apple's processors and are based on a weakness in what is known as speculative execution of program code. This technique is used by modern chips to increase efficiency. The processor tries to predict which data or instructions are needed next. This is exactly where FLOP and SLAP come into play.
- SLAP (Speculative Load Address Predictor): SLAP uses the Load Address Predictor to provide access to memory addresses that are normally protected. This allows attackers to read data from memory areas that are otherwise inaccessible to them.
- FLOP (Faulty Load Value Predictor): FLOP attacks the Load Value Predictor, which speculatively predicts values to be loaded from memory. These predicted values can be manipulated by attackers to bypass security mechanisms such as memory protection.
Which devices are affected?
The gaps affect several generations of Apple processors. Declarations According to security researchers Jason Kim, Jalen Chuang, Daniel Genkin and Yuval Yarom, who discovered FLOP and SLAP, the following chips are affected:
- M2, M3 and M4 processors
- A processors produced since September 2021
The attacks are aimed at current and widely used processors in Apple devices such as the MacBook, iPhone and iPad.
Apple was informed early
The security researchers informed Apple about the vulnerabilities early on. SLAP was reported to the company in May 2024, FLOP in September 2024. However, Apple has not yet provided any patches to close the gaps. However, the company has Bleeping Computer announced that a future software update should fix the problems. The statement reads:
We would like to thank the researchers for their cooperation, as this proof of concept improves our understanding of this type of threat. Based on our analysis, we do not believe this issue poses an immediate risk to our users.
How big is the risk?
Compared to previous security vulnerabilities such as Spectre and Meltdown, the risk posed by FLOP and SLAP currently appears to be manageable. Both vulnerabilities only allow attacks on the address space of the process, which the attacker already has control over. This means that, for example, an attack via Safari would only affect data from the currently open website. Other websites or data outside of this process are not directly vulnerable. However, there is a vulnerability that could make the attack more dangerous: If there is an additional security vulnerability in the browser, an attacker could theoretically also access other websites to read sensitive information such as passwords or personal data. However, the attack is slow because only a few bits per second can be read. Despite these limitations, FLOP and SLAP show that Apple's chips are not completely free of vulnerabilities.
What happens next?
Apple has proven in the past that the company takes security issues seriously and acts quickly when vulnerabilities are discovered. It is therefore likely that FLOP and SLAP will soon be fixed with a software update. Until then, users should keep their devices up to date and be careful not to visit unsafe websites. It is also advisable to consider using browsers with additional security measures to further minimize the risk.
FLOP and SLAP: A Wake-Up Call for Hardware Security
The discovery of FLOP and SLAP shows that even cutting-edge chips like those from Apple can be vulnerable to security flaws. Even though the risk remains low for most users, it is important to remain vigilant and install regular updates. The vulnerabilities illustrate how complex and challenging it is to make hardware and software secure. However, given the speed with which Apple has closed security flaws in the past, users can be confident that these problems will soon be fixed too. (Photo by LuckyStep48 / Bigstockphoto)
- Apple under pressure: Stricter controls threatened in Germany
- iOS 18.3 Update: Over 20 vulnerabilities fixed
