A Deep Dive into Apple's Latest Chip Vulnerabilities

I've been doing some research on Apple's newest chips lately, and I wanted to share some important findings about two newly discovered vulnerabilities. They're called SLAP (Speculation Attacks via Load Address Prediction) and FLOP (False Load Output Predictions).

What caught my attention is how these vulnerabilities work at the chip level. Both exploit something called "speculative execution," which is essentially a performance optimization feature in modern processors. SLAP targets something called the Load Address Predictor (LAP) in Apple CPUs, while FLOP goes after the Load Value Predictor (LVP) in the newer chips.

The affected devices include anything with M2/A15 chips and later for SLAP, and M3/A17 and newer processors for FLOP. What makes this particularly interesting is that both vulnerabilities could potentially allow attackers to access sensitive data from browsers like Safari and Chrome, including things like browsing history and credit card information.

Apple has been aware of these issues for a while now - they were notified about SLAP on May 24, 2024, and FLOP on September 3, 2024. Their public stance, as stated to BleepingComputer, is that they "do not believe this issue poses an immediate risk to users." While that's somewhat reassuring, they're still working on addressing these vulnerabilities.

I found that MacBook Pro users (particularly those with 2022 or later models) shouldn't panic but stay informed. There aren't any known exploits being used "in the wild" yet, and exploiting these vulnerabilities would require some serious technical expertise.

That said, I think it's worth taking some basic precautions:

1. Keep your system and browsers updated
2. Be mindful of which websites you visit
3. Consider using alternative browsers (though I should note that while Firefox hasn't been specifically confirmed to be affected, researchers suggest similar browsers could potentially be vulnerable too). Don’t quote me on this one!

What I find most fascinating about this whole situation is how it highlights a fundamental challenge in processor design: the constant trade-off between performance and security. These vulnerabilities emerged from features that were meant to make our devices faster, which really makes you think about the complexity of modern chip architecture.

We’ll have to wait and see how Apple addresses these issues in future chip designs. Hardware-level vulnerabilities like these are particularly tricky to fix, as they're built into the very architecture of the chips themselves.

Have any of you been following this story? I'd be curious to hear your thoughts about these kinds of hardware-level security challenges.

Last updated: 3 February 2025