Introduction

Recent Apple update has uncovered two significant security vulnerabilities in Apple’s latest chip designs, dubbed SLAP (Speculative Load Address Prediction) and FLOP (False Load Output Prediction). These flaws affect a wide range of Apple devices released since 2021, including:

Mac laptops and desktops with M2 and M3 chips

iPhones with A15 and A17 chips

iPads with M1 and later chips

What are these security risks

The vulnerabilities stem from speculative execution techniques used to enhance processor performance:

SLAP

Affects devices with M2/A15 and later chips, allowing attackers to access out-of-bounds data by manipulating the Load Address Predictor.

FLOP

Impacts M3/A17 and newer processors, exploiting incorrect Load Value Predictions to bypass memory safety checks.

These flaws could potentially allow malicious websites to steal sensitive information like emails, browsing history, and credit card data from Safari and Chrome browsers. The attacks can be executed remotely through specially crafted web pages, without requiring physical access to the device.

Apple has acknowledged the vulnerabilities and stated they are working on addressing them in future security updates. However, the company believes these issues do not pose an immediate risk to users.

To protect yourself

Keep your devices updated with the latest security patches.

Use reputable browsers and exercise caution when visiting unfamiliar websites.

Consider using content blockers and other security features provided by your browser.

Additionally, minimizing the number of open browser tabs, especially when accessing sensitive accounts, and avoiding public Wi-Fi networks can help reduce the risk of exploitation.

Apple Update

As of January 29, 2025, there are currently no software updates available to specifically mitigate the SLAP and FLOP vulnerabilities in Apple devices. Apple has acknowledged the vulnerabilities and stated that they plan to address them in an upcoming security update.

However, the company has not yet released patches for these flaws.

Apple told Bleeping Computer, “We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats. Based on our analysis, we do not believe this issue poses an immediate risk to our users.”

Conclusion

While these vulnerabilities are concerning, it’s important to note that exploiting them requires a high level of technical expertise. Apple’s robust security framework also makes successful attacks more challenging. Nevertheless, users should remain vigilant and follow best security practices to protect their sensitive information.