News Apple silicon is vulnerable to side-channel speculative execution attacks "FLOP" and "SLAP"

Is the problem only with Safari, or are other browsers affected? As far as I am aware, all web browsers have to use the WebKit kernel to be permitted in the Apple App Store.
 

The article is a little confusing on that point. However, reading the source, it explicitly calls out both Safari and Chrome:

the source said:
We demonstrate the LVP's dangers by orchestrating these attacks on both the Safari and Chrome web browsers in the form of arbitrary memory read primitives, recovering location history, calendar events, and credit card information.


Based on the data provided in the paper, it's likely that any browser or bad-acting application could possibly exploit this bug, since it's a prefetch issue at the CPU level.

 
A) Generally these are timing attacks; turning off JavaScript really only protects from browser-based exploitation (and they're relying on Macs out of the box requiring you to click through lots of boxes to be able to run binaries that weren't probed and vetted by Apple).

B) I'm actually surprised any browser is still vulnerable. On Windows and Linux at least (in addition to firmware updates and all sorts of other fixes), in the browser they simply removed nanosecond-accuracy time measurement from JavaScript; the side channel used in most of these attacks is based on measuring the tiny time difference from something being speculatively loaded into the cache or not. No accurate clock, no side channel.
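To illustrate the clock-resolution point in the post above, here is an added example (mine, not from the thread or the paper) that models a cache-timing probe with constructed hit/miss latencies and shows how coarsening the timer, the way browsers did after Spectre, collapses the distinction an observer can make. The 100 µs grid and the 50 ns / 300 ns latencies are assumptions, not measured values.

```javascript
// Added example: models how coarsening the clock exposed to JavaScript blunts
// cache-timing side channels. All timestamps are constructed nanosecond values.

// Clamp a high-resolution timestamp (ns) to a coarse grid, as browsers did to
// performance.now(). 100 µs is an assumed grid, not any browser's exact value.
function coarsen(tNs, resolutionNs = 100_000) {
  return Math.floor(tNs / resolutionNs) * resolutionNs;
}

// Constructed probe latencies: a cache hit ~50 ns, a miss ~300 ns.
const HIT_NS = 50;
const MISS_NS = 300;

// Given a clock function (ns -> reading), does reading the elapsed time of one
// hit and one miss starting at `startNs` yield different values?
function distinguishable(clock, startNs) {
  const hitElapsed = clock(startNs + HIT_NS) - clock(startNs);
  const missElapsed = clock(startNs + MISS_NS) - clock(startNs);
  return hitElapsed !== missElapsed;
}

// Sweep every start offset within one grid interval and return the fraction of
// offsets at which a clock of the given resolution still separates hit from miss.
// With a 1 ns clock every offset leaks; with a coarse grid only offsets where the
// miss crosses a grid boundary but the hit does not remain distinguishable.
function leakFraction(resolutionNs) {
  const clock = (t) => coarsen(t, resolutionNs);
  let leaky = 0;
  for (let s = 0; s < resolutionNs; s++) {
    if (distinguishable(clock, s)) leaky++;
  }
  return leaky / resolutionNs;
}

// Stand-alone demonstration.
console.log("fine clock leak fraction:", leakFraction(1));        // 1
console.log("100 µs clock leak fraction:", leakFraction(100_000)); // 0.0025
```

The small residual fraction at grid boundaries is why browsers pair coarsening with added jitter and gate high-resolution timers behind cross-origin isolation rather than relying on a coarse grid alone.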