A group of cybersecurity researchers has discovered a new class of vulnerabilities affecting Apple's M2, A15, and newer chips. They are called SLAP (Speculative Load Address Probing) and FLOP (Forwarding Loads on Opaque Pointers). The vulnerabilities allow attackers to access confidential data, bypass security mechanisms, and even hack into the Safari browser with further access to Gmail, iCloud, and other web applications, ArsTechnica reports.
According to researchers from the Georgia Institute of Technology and the Ruhr University in Bochum, the problem is related to the Load Address Predictor (LAP) feature, which was first introduced in the M2 and A15 processors. LAP improves performance by predicting what data the processor will use next, but it has been found to open up the possibility of attacks.
"There are hardware and software measures to ensure that two open webpages are isolated from each other, preventing one of them from (maliciously) reading the other's contents," the researchers write. "SLAP and FLOP break these protections, allowing attacker pages to read sensitive login-protected data from target webpages. In our work, we show that this data ranges from location history to credit card information."
The attack uses speculative command execution to gain access to memory that is normally protected. This can allow you to read data outside of the allowed memory areas, disrupt command execution, and even bypass the ASLR (Address Space Layout Randomization) mechanism, which is an important defense against exploits.
The researchers confirmed that SLAP affects all Apple processors, starting with the M2 and A15, which were the first to receive LAP. They also suspect that other chipmakers may be using similar memory prediction techniques and have similar vulnerabilities, although this remains to be seen.
It is worth noting that the team did not test Mozilla Firefox or other browsers, so it is not known whether the vulnerability applies to browsers other than Safari, which has been confirmed as vulnerable.
The researchers informed Apple of their findings and suggested ways to protect against the attacks. Although the company did not confirm plans to release patches, a spokesperson said in a comment to reporters:
“We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats," the spokesperson wrote. “Based on our analysis, we do not believe this issue poses an immediate risk to our users.”
However, security experts warn that such vulnerabilities can be used in real attacks, so they need to be addressed as soon as possible.
The FLOP research report will be presented at the USENIX Security Symposium 2025, and the SLAP research will be presented at the IEEE Symposium on Security and Privacy 2025.