Researchers from Georgia Institute of Technology and Ruhr University Bochum have identified two new side channel attacks, FLOP and SLAP, targeting Apple's M and A CPUs. These attacks, which can be executed on devices including Macs, iPhones, and iPads manufactured from 2021, exploit the Load Address Predictor and Load Value Predictor systems in Apple silicon. By breaking browser isolation protections, one webpage can access data from another, posing a serious security risk. The attacks do not leave traces, further complicating mitigation efforts and highlighting potential vulnerabilities in widely used web browsers.
The FLOP and SLAP attacks exploit the predictive subsystems of Apple Silicon CPUs, compromising browser isolation and potentially leaking sensitive user data.
Both SLAP and FLOP could allow malicious websites to read sensitive information from other tabs, presenting a significant security risk to users.
Collection
[
|
...
]