SLAP and FLOP: New Security Vulnerabilities in Apple Silicon


Security researchers have uncovered two new vulnerabilities in Apple's latest processors, dubbed SLAP (Speculation Attacks via Load Address Prediction) and FLOP (False Load Output Predictions). These flaws affect a wide range of Apple devices, including recent Mac computers, iPads, and iPhones, potentially exposing sensitive user data to malicious actors[1][2].

Understanding the Vulnerabilities

Both SLAP and FLOP exploit speculative execution, a performance optimization technique used in modern processors. This method allows CPUs to predict and execute likely future instructions, improving overall speed. However, when these predictions are incorrect, they can leave traces that attackers can exploit to access sensitive information[3].

SLAP (Speculation Attacks via Load Address Prediction)

SLAP affects devices with M2, A15, and newer chips. It targets the Load Address Predictor (LAP), a feature that anticipates the next memory address the CPU will access. By manipulating this predictor, attackers can trick the processor into performing computations on out-of-bounds data, potentially revealing sensitive information like email content and browsing history[4][9].

FLOP (False Load Output Predictions)

FLOP impacts devices with M3, A17, and newer processors. It exploits the Load Value Predictor (LVP), which attempts to guess the data value that will be returned by memory requests. This vulnerability allows attackers to bypass critical memory safety checks, opening up possibilities for leaking secrets stored in memory[4][9].

Affected Devices

The vulnerabilities affect a wide range of Apple devices, including:

  • Mac notebooks from 2022 onwards
  • Mac desktops from 2023 onwards
  • iPad models from September 2021 onwards
  • iPhones from September 2021 onwards (including all iPhone 13, 14, 15, and 16 models)[5][9]
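For fleet triage, the chip thresholds given above (M2/A15 and newer for SLAP, M3/A17 and newer for FLOP) can be applied to chip names from an asset inventory. This is an added example, not code from the researchers or Apple; the hostnames and inventory rows are constructed, and it assumes the inventory records marketing chip names such as "Apple M2 Pro".

```python
import re

# Minimum chip generation per family, as stated in the article:
# SLAP: M2 / A15 and newer; FLOP: M3 / A17 and newer.
THRESHOLDS = {
    "SLAP": {"M": 2, "A": 15},
    "FLOP": {"M": 3, "A": 17},
}

# Matches the family letter and generation in names like "Apple M3 Max".
CHIP_RE = re.compile(r"\b([AM])(\d{1,2})\b")


def exposure(chip_name):
    """Return the sorted attack names whose chip range includes this chip."""
    m = CHIP_RE.search(chip_name)
    if not m:
        return []  # Intel Macs or strings that carry no Apple chip name
    family, gen = m.group(1), int(m.group(2))
    return sorted(name for name, t in THRESHOLDS.items() if gen >= t[family])


def triage(inventory):
    """Map hostname -> exposure list for (hostname, chip name) rows."""
    return {host: exposure(chip) for host, chip in inventory}


# Constructed sample inventory (hypothetical hosts).
INVENTORY = [
    ("mbp-finance-01", "Apple M1 Pro"),
    ("mba-sales-07", "Apple M2"),
    ("imac-design-02", "Apple M3 Max"),
    ("ipad-field-11", "Apple A14 Bionic"),
    ("iphone-exec-03", "Apple A15 Bionic"),
    ("iphone-exec-04", "Apple A17 Pro"),
    ("mini-build-01", "Intel(R) Core(TM) i7-8700B CPU @ 3.20GHz"),
]

if __name__ == "__main__":
    for host, hits in triage(INVENTORY).items():
        print(f"{host:16} {', '.join(hits) or 'not in range'}")
```
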

Potential Impacts

The implications of these vulnerabilities are significant. Attackers could potentially:

  1. Access email content from Safari users
  2. Retrieve browsing history and behavior
  3. Obtain location data from Apple Maps
  4. View calendar events from iCloud
  5. Access credit card information stored in browsers
  6. Steal other sensitive personal data[1][5][9]

What makes these attacks particularly concerning is that they can be executed remotely through a malicious webpage, without requiring physical access to the device[5].

Apple's Response

Apple has acknowledged the vulnerabilities but states that it does not believe these issues pose an immediate risk to users. The company is reportedly working on addressing the flaws in future security updates[5][16].

Mitigation and Protection

While Apple works on a permanent fix, users can take several steps to protect themselves:

  1. Keep devices updated with the latest software and security patches
  2. Exercise caution when visiting unfamiliar websites
  3. Consider disabling JavaScript when not needed
  4. Use browser extensions that block potentially malicious scripts[12]

Looking Ahead

The discovery of SLAP and FLOP highlights the ongoing challenges in processor security, particularly in the realm of speculative execution. As chip designs continue to prioritize performance, finding the right balance between speed and security remains a critical concern for manufacturers like Apple[3].

These vulnerabilities serve as a reminder of the importance of continuous security research and the need for swift responses to emerging threats in our increasingly connected digital world.

How do SLAP and FLOP attacks differ from Spectre and Meltdown?

SLAP (Speculation Attacks via Load Address Prediction) and FLOP (False Load Output Predictions) are newly discovered vulnerabilities in Apple Silicon chips that differ from Spectre and Meltdown in several key ways:

Target and Scope

  • SLAP and FLOP specifically target Apple's recent M-series and A-series chips, including M2, M3, A15, and A17 processors12.
  • Spectre and Meltdown affected a wider range of processors from various manufacturers, including Intel, AMD, and ARM10.

Exploitation Mechanism

  • SLAP exploits the Load Address Predictor (LAP), which predicts memory addresses the CPU will access next211.
  • FLOP targets the Load Value Predictor (LVP), which guesses data values that will be returned by memory requests211.
  • Spectre and Meltdown primarily exploited speculative execution related to control flow, rather than data dependencies1011.

Data Access

  • SLAP and FLOP can potentially access data across browser tabs and even different browsers (Safari and Chrome)14.
  • Meltdown allowed user processes to read kernel memory, while Spectre could read memory within the same privilege level1012.

Implementation and Execution

  • SLAP and FLOP can be executed remotely through malicious websites without requiring physical access or malware installation34.
  • They can bypass browser sandboxing and read cross-origin personally identifiable information8.

Affected Software

  • SLAP and FLOP have been demonstrated to affect modern web technologies like JavaScript and WebAssembly11.
  • This makes them particularly dangerous for web-based attacks, as browsers automatically execute these languages11.

Mitigation Challenges

  • Fixing SLAP and FLOP may require chip-level adjustments, making immediate software patches less effective6.
  • Spectre and Meltdown also proved challenging to mitigate fully, but some software-based mitigations were possible12.

While SLAP and FLOP share similarities with Spectre and Meltdown in exploiting speculative execution, they represent a new class of vulnerabilities specifically targeting data prediction features in Apple's latest chips, potentially opening up new attack vectors in the realm of web-based exploits.

Citations:

[1] https://www.channele2e.com/brief/researchers-find-new-side-channel-attack-methods-on-apple-chips
[2] https://www.youtube.com/watch?v=zLquAYMtmVU
[3] https://www.macworld.com/article/2590937/slap-and-flop-browser-vulnerabilities-threaten-nearly-every-apple-device-since-2021.html
[4] https://www.digitec.ch/en/page/new-security-vulnerabilities-threaten-apple-chips-what-you-need-to-know-36561
[5] https://www.macrumors.com/2025/01/28/apple-web-browser-vulnerabilities/
[6] https://www.techrepublic.com/article/apple-m-chips-side-channel-vulnerabilities/
[7] https://www.perplexity.ai/page/apple-chip-security-flaws-fnnp9Q3DRb28GqNvZP0Bzw
[8] https://www.theregister.com/2025/01/29/flop_and_slap_attacks_apple_silicon/
[9] https://9to5mac.com/2025/01/29/slap-and-flop-security-flaws-affect-all-current-apple-devices-and-many-older-ones/
[10] https://www.securityweek.com/new-slap-and-flop-cpu-attacks-expose-data-from-apple-computers-phones/
[11] https://www.forbes.com/sites/alexvakulov/2025/01/29/apple-cpu-flaw-may-let-hackers-steal-your-data-8-ways-to-stay-safe/
[12] https://timesofindia.indiatimes.com/technology/tech-news/security-flaws-in-these-apple-silicon-chips-may-expose-private-data-of-iphone-ipad-and-mac-users/articleshow/117743731.cms
[13] https://thehackernews.com/2025/01/new-slap-flop-attacks-expose-apple-m.html
[14] https://www.thezdi.com/blog/2025/1/8/zdi-threat-hunting-2024-highlights-trends-amp-challenges
[15] https://www.channele2e.com/brief/researchers-find-new-side-channel-attack-methods-on-apple-chips
[16] https://www.macrumors.com/2025/01/28/apple-web-browser-vulnerabilities/
[17] https://www.stationx.net/beef-hacking-tool/
[18] https://jscrambler.com/blog/top-javascript-vulnerabilities-2025
[19] https://www.menlosecurity.com/blog/2025-cybersecurity-predictions-secure-the-browser
[20] https://flashpoint.io/blog/fleshstealer-infostealer-threat-2025/
[21] https://www.perplexity.ai/page/apple-chip-security-flaws-fnnp9Q3DRb28GqNvZP0Bzw
