News Apple silicon is vulnerable to side-channel speculative execution attacks "FLOP" and "SLAP

[Admin]

Apple Silicon is extra prone to stolen information thanks to some yet-unpatched speculative execution attacks.

Apple silicon is vulnerable to side-channel speculative execution attacks "FLOP" and "SLAP : Read more

 

[Dementoss]

Is the problem only with Safari or, are other browsers affected? As far as I am aware, all web browsers have to use the Webkit kernal, to be permitted in the Apple App Store.

 

[JamesJones44]

Is the problem only with Safari or, are other browsers affected? As far as I am aware, all web browsers have to use the Webkit kernal, to be permitted in the Apple App Store.

The article is a little confusing on that point. However, reading the source, it explicitly calls out both Safari and Chrome:

We demonstrate the LVP's dangers by orchestrating these attacks on both the Safari and Chrome web browsers in the form of arbitrary memory read primitives, recovering location history, calendar events, and credit card information

Based on the data provided in the paper it's likely that any browser or bad acting application could possibly exploit this bug since it's a prefetch issue at the CPU level.

SLAP and FLOP

The SLAP and FLOP Address and Value Prediction Attacks

predictors.fail