Apple’s processors are fast because they predict what you’ll need next, but when they guess wrong hackers can exploit those mistakes to steal your private data.
Apple Silicon, like the M2 and M3, is designed to be some of the fastest in the world, powering iPads and Macs. Their strength is speculative execution, a feature that guesses what you’ll need next to keep things running smoothly.
But new research shows this speed boost comes with a cost. When these guesses are wrong, they can create vulnerabilities that hackers could use to access sensitive information, like emails and credit card details.
SLAP & FLOP attacks
Researchers from the Georgia Institute of Technology have identified two new Apple Silicon security vulnerabilities in Apple’s recent CPUs, named SLAP and FLOP. These attacks exploit features in the M2, M3, A15, and A17 chips that are supposed to improve performance.
The problem lies in how Apple’s processors try to predict memory operations to speed up tasks. When these guesses are wrong, they accidentally open the door for hackers.
SLAP (speculative execution via Load Address Prediction) lets attackers access private data, like email content, by tricking the processor into using out-of-bounds memory. FLOP (False Load Output Prediction) goes even further, bypassing memory safety checks.
These aren’t just theoretical attacks. The team demonstrated how SLAP could extract private emails from Safari and how FLOP could recover sensitive data like credit card details.
While there’s no evidence of hackers exploiting these flaws in the wild yet, the potential is there.
Apple’s next move
SLAP and FLOP are similar to other speculative execution attacks like Spectre and Meltdown, which caused widespread concerns a few years ago. The difference here is that they specifically target Apple’s hardware.
SLAP and FLOP. Image credit: Georgia Institute of Technology
Apple hasn’t yet released a fix, but it’s aware of the Apple Silicon vulnerabilities. The researchers who found SLAP and FLOP notified Apple about a year ago for one flaw, and about six months ago for the other.
However the M4 chip was well underway at that time. True fixes often require changes at the chip level, which can’t happen until the next generation of processors.
Software updates might mitigate the problem.
What you can do to stay safe
If your Mac, iPhone, or iPad uses an M2, M3, A15, or A17 chip, it’s vulnerable. That includes devices like the M2 MacBook Air, the iPhone 15 Pro, and the latest iPads. Older devices with M1 or earlier chips aren’t impacted by these particular vulnerabilities, though they might face different risks.
Keep your devices updated with the latest software, including security patches. Avoid untrusted websites and disable JavaScript when not needed. Browser extensions that block scripts can also help.
