Security Researchers Uncover New Apple Device FLOP and SLAP Vulnerabilities

Security experts have discovered two significant vulnerabilities that could allow hackers to steal sensitive data from Apple devices, including Mac computers, iPhones, and iPads. These newly identified threats, known as FLOP and SLAP Vulnerabilities, exploit side-channel attacks and pose a risk to devices manufactured since 2021. What makes these attacks particularly alarming is that they can be carried out remotely, meaning hackers do not need physical access to a device to exploit them.

Research teams from the Georgia Institute of Technology and Ruhr University Bochum recently released reports detailing these vulnerabilities. The flaws affect Apple devices running M2, M3, and M4 chips, as well as A15 Bionic, A16 Bionic, and A17 Pro processors. Web browsers like Google Chrome and Safari have been identified as potential points of exploitation. By targeting these vulnerabilities, hackers can gain unauthorized access to login-protected data from platforms such as Gmail and iCloud, creating serious security risks for users.

How FLOP and SLAP Vulnerabilities Work to Steal Data?

The newly discovered threats take advantage of Apple silicon’s speculative execution process, a technique used to enhance processing speed by predicting future instructions. While this predictive mechanism increases efficiency, it also leaves memory traces that cybercriminals can exploit. FLOP and SLAP break existing security measures designed to isolate webpages from one another, allowing malicious sites to extract sensitive information from legitimate ones.

“There are hardware and software measures to ensure that two open webpages are isolated from each other, preventing one of them from maliciously reading the other’s contents,” the researchers explained. “SLAP and FLOP break these protections, allowing attacker pages to read sensitive login-protected data from target webpages.”

The affected Apple devices include MacBook Air and MacBook Pro models from 2022 onward, Mac Mini, iMac, Mac Studio, and Mac Pro from 2023 onward, as well as iPad Pro, iPad Air, and iPad Mini models released from September 2021. Additionally, all iPhone models from the iPhone 13 series onward, including the iPhone SE (3rd generation), are vulnerable. The widespread impact of these vulnerabilities raises concerns about data security for millions of Apple users.

Apple’s Response and Potential Mitigation Steps

Despite the gravity of the security threats posed by FLOP and SLAP Vulnerabilities Apple has yet to release an official fix. Security researchers stress that addressing these vulnerabilities requires software patches from Apple, but no immediate mitigation measures are currently available. Apple has, however, acknowledged the research findings and stated that they plan to address the issues in a future security update.

An Apple spokesperson commented, “We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats. Based on our analysis, we do not believe this issue poses an immediate risk to our users.”

While Apple has downplayed the urgency of the issue, security experts advise users to stay vigilant and avoid opening untrusted webpages, particularly on Safari and Chrome browsers. Until Apple implements the necessary fixes, users should exercise caution when accessing sensitive accounts or conducting financial transactions on their devices. As the tech giant works on a solution, the discovery of these vulnerabilities highlights the ongoing battle between cybersecurity researchers and cybercriminals seeking to exploit system weaknesses.