Apple chips can be hacked to leak secrets from Gmail, iCloud, and more
1 min read
Summary
Two new hardware vulnerabilities on Apple devices have been discovered that leak sensitive data from browsers, including the Safari browser.
Known as FLOP and SLAP, they affect the later generations of Apple’s A and M series chips by exploiting the use of speculative execution to predict both control and data flow.
This allows attackers to infer secrets by measuring factors such as timing, sound and power consumption through side-channel attacks.
The vulnerabilities could lead to the disclosure of credit card details, location information and JavaScript code, for example, as well as allowing inbox content to be read.
Apple said the issue “sponsored thoughtful approaches to counter these vulnerabilities” and that it hoped “protective measures can be deployed” to defend against them.
