Recent research from Georgia Institute of Technology and Ruhr University Bochum unveils two new side-channel attacks — SLAP and FLOP — targeting Apple’s Silicon processors, including M2 and A15. These attacks exploit speculative-execution vulnerabilities in Chrome and Safari browsers, allowing malicious webpages to extract sensitive information from other browser tabs. By predicting memory addresses and leveraging the side effects of speculative operations, attackers can gain access to private data that should remain secure, illustrating the continuing risks posed by CPU architecture weaknesses and the need for improved security measures.
These attacks exploit weaknesses in Apple's Arm-compatible processor designs to extract information from memory that should be off limits.
In practice, that means a malicious webpage in one Chrome or Safari browser tab snooping on a page in another tab.
Collection
[
|
...
]