Slap and flop security defects affect all the current Apple devices and many old devices

Security researchers have found two flaws in all current iPhones, iPads, and Macs, and many previous flaws. The vulnerabilities known as SLAP and Flop may allow the attacker to see the current contents of the open web tab.

The defects are introduced in A15 and M2 chips, and can be seen in the following chips up to the latest version of each device …

What are Hirate and Flop?

Georgia Institute of Technology’s security researchers have found slaps (speculative attacks by load address prediction) and flops (fake load output predictions). They work in the same way as spectors and meltdowns.

All of these vulnerabilities are derived from the approach of Apple and other chip designers to speed up processing time. This idea, known as speculative execution, is that Chip predicts the possibility of future commands and strives to load the necessary data to execute them.

If an attacker can inject unauthorized data into these processes, you can read memory content that is not accessible.

What is the vulnerability?

In Safari, each tab needs to be a sandbox. In other words, the website open on a tab cannot access data from another website open on another tab.

If the attacker accesses you on a website that is deceived and violated, you can access the data from another open Safari tab. For example, you can read emails, look at your location on the Apple map, and see the details of the bank.

Flops can do the same, but they are more powerful and working using Chrome and Safari.

Mac does not require malware. There is little possibility that the attack will be performed using the apple’s unique code defect and that the attack is undergoing progress.

Which device is vulnerable?

Apple device after A15 and Apple device after M2 or later. Researchers have confirmed that the next device is vulnerable:

iPhone:

• iPhone 13
• iPhone 14
• iPhone 15
• iPhone 16
• 3rd generation iPhone SE

iPad:

• IPad Air model after 2021
• IPad Pro model after 2021
• IPad Mini Models after 2021

Mac:

• MacBook Air model after 2022
• MacBook Pro model after 2022
• Mac mini model after 2023
• Mac Studio model after 2023
• IMac model after 2023
• Mac Pro (2023)

What is the risk of the real world?

Researchers say that both vulnerabilities have no evidence that they are still abused.

Apple has been working for SLAP in September 2024 for SLAP in September 2024 for a while since the company was first notified.

The company issued a short statement Breeding computer:

Based on the analysis, we do not believe that this problem will bring users for the time being.

Currently, there are no precautionary measures that can be taken beyond exercising normal care on a website you visit.

Image: shopestore collage using Apple photos