Apple Chip Vulnerabilities Expose Sensitive User Data on Macs, iPhones, and iPads

By Tehniyat Zafar ⏐ 3 weeks ago ⏐ 2 min read

Apple-designed chips in Macs, iPhones, and iPads exhibit two newly identified vulnerabilities that expose credit card information, geolocation, and other personal data from the Chrome and Safari browsers when accessing websites like iCloud Calendar, Google Maps, and Proton Mail.

Researchers from the Georgia Institute of Technology and Ruhr University Bochum discovered two important security flaws affecting Apple’s A- and M-series chips, which are built into devices released after 2021. Through the FLOP and SLAP side-channel vulnerabilities, unauthorized individuals can remotely access sensitive user information, including credit card details, location history, emails, and calendar events.

The vulnerabilities derive from speculative execution, a performance enhancement method that aims to increase processing speed by making predictions about data and control flow. The two identified side-channel attacks operate as follows:

  • FLOP Attack: Attackers abuse the Load Value Predictor (LVP) mechanism to reach restricted memory sections. The attack would provide access to location histories in Google Maps, multiple email accounts on Gmail and Proton Mail, and Calendar events stored in iCloud.
  • SLAP Attack: This attack targets the Load Address Predictor (LAP), altering memory address predictions so that attackers can seize sensitive JavaScript data from active browser sessions. Safari users are vulnerable when a malicious webpage draws protected information from websites open at the same time.

Affected Devices

The researchers confirmed that the following Apple devices are vulnerable to one or both attacks:

  • MacBooks (2022–present): All MacBook Air and MacBook Pro models
  • Mac Desktops (2023–present): Mac Mini, iMac, Mac Studio, and Mac Pro models
  • iPads (September 2021–present): All iPad Pro, Air, and Mini models
  • iPhones (September 2021–present): All iPhone 13, 14, 15, and 16 models, including the SE (3rd generation)

Remote attackers can access sensitive data from Safari and Chrome users who are viewing the iCloud Calendar, Google Maps, Gmail, and Proton Mail websites, without requiring authentication. Unauthorized access to email accounts and financial data, combined with real-time location tracking, creates a huge privacy exposure.

Apple’s Response and Mitigation Measures

Security experts privately disclosed these vulnerabilities to Apple, which later acknowledged receipt of the material. Although Apple concluded that these security flaws pose no immediate threat, it has confirmed plans to release updates as a preventative measure against potential future exploitation. In the meantime, security experts recommend that users adopt precautionary measures, such as limiting the use of sensitive applications on affected devices and keeping software updated.
