XPost: comp.sys.mac.system, misc.phone.mobile.iphone
From: YourName@YourISP.com
Note the word *could* in the headline ... it's another storm in a
teacup that probably nobody in the real world will ever encounter (at
least nobody with the sense to avoid porn and pirate websites).
It's also similar to flaws already found in all other ARM processors,
so the brainless troll brigade should keep their idiotic pieholes shut.
Two Apple Silicon chip flaws could expose your private data to thieves
----------------------------------------------------------------------
Apple's processors are fast because they predict what you'll need next,
but when they guess wrong hackers can exploit those mistakes to steal
your private data.
Apple Silicon, like the M2 and M3, is designed to be some of the
fastest in the world, powering iPads and Macs. Their strength is
speculative execution, a feature that guesses what you'll need next to
keep things running smoothly.
But new research shows this speed boost comes with a cost. When these
guesses are wrong, they can create vulnerabilities that hackers could
use to access sensitive information, like emails and credit card
details.
SLAP & FLOP attacks
Researchers from the Georgia Institute of Technology have identified
two new Apple Silicon security vulnerabilities in Apple's recent CPUs,
named SLAP and FLOP. These attacks exploit features in the M2, M3,
A15, and A17 chips that are supposed to improve performance.
The problem lies in how Apple's processors try to predict memory
operations to speed up tasks. When these guesses are wrong, they
accidentally open the door for hackers.
SLAP (speculative execution via Load Address Prediction) lets
attackers access private data, like email content, by tricking the
processor into using out-of-bounds memory. FLOP (False Load Output
Prediction) goes even further, bypassing memory safety checks.
These aren't just theoretical attacks. The team demonstrated how SLAP
could extract private emails from Safari and how FLOP could recover
sensitive data like credit card details.
While there's no evidence of hackers exploiting these flaws in the
wild yet, the potential is there.
Apple's next move
SLAP and FLOP are similar to other speculative execution attacks like
Spectre and Meltdown, which caused widespread concerns a few years
ago. The difference here is that they specifically target Apple's
hardware.
Apple hasn't yet released a fix, but it's aware of the Apple Silicon
vulnerabilities. The researchers who found SLAP and FLOP notified
Apple about a year ago for one flaw, and about six months ago for the
other.
However the M4 chip was well underway at that time. True fixes often
require changes at the chip level, which can't happen until the next
generation of processors.
Software updates might mitigate the problem.
What you can do to stay safe
If your Mac, iPhone, or iPad uses an M2, M3, A15, or A17 chip, it's
vulnerable. That includes devices like the M2 MacBook Air, the
iPhone 15 Pro, and the latest iPads. Older devices with M1 or earlier
chips aren't impacted by these particular vulnerabilities, though they
might face different risks.
Keep your devices updated with the latest software, including security
patches. Avoid untrusted websites and disable JavaScript when not
needed. Browser extensions that block scripts can also help.
--- SoupGate-DOS v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
