
Apple isn’t addressing hardware threat to M-series Macs


Security researchers have discovered new security flaws affecting Apple devices with M2 or A15 chips and onwards. This includes iPhones, iPads, Mac laptops, and Mac desktops. The vulnerabilities, dubbed SLAP and FLOP and first reported by BleepingComputer, could allow attackers to read information from a user’s open web tabs. Depending on the tabs you have open, this could put sensitive data like passwords and banking information at risk.

This isn’t a software problem, but rather a hardware flaw that affects CPUs and leaves them vulnerable to side channel attacks. This kind of exploit measures CPU activity and uses factors like power consumption, timing, and sound to infer information about the user’s behavior. The Spectre and Meltdown flaws from 2018 worked in a similar way.


It’s pretty complicated stuff, but the important part is that it makes it possible for attackers to get their hands on sensitive information even when it’s properly protected by the software your PC is running. The cause of these weaknesses isn’t purely an Apple problem; it’s a performance optimization that’s used on most modern CPUs.

Computer programs are just a long series of instructions that the CPU executes, but because there are so many different outcomes to cover, those instructions expand into all sorts of different branches. “If A then do X, if B then do Y,” or “If A happens, return to point X” — in a large program, millions of decisions like these happen in order to progress. 

To speed things up, it’s now standard practice to predict which path the CPU should take and start executing instructions further down the line. This way, more work can be done at the same time, rather than every instruction waiting for its turn in the proper order. 

This optimization is called speculative execution, and it is guided by branch prediction. Because it’s based on predictions, it doesn’t always go well. It’s when the predictions backfire that we get these hardware vulnerabilities that attackers can take advantage of.


The full names of the new flaws are “Data Speculation Attacks via Load Address Prediction on Apple Silicon (SLAP)” and “Breaking the Apple M3 CPU via False Load Output Predictions (FLOP).” They both cause essentially the same problem, but while SLAP is limited to the Safari browser, FLOP works with Chrome as well. 

The research proves with demos that attacks based on these flaws are possible, but there’s no evidence of any cybercriminals using them at the moment. The researchers shared their findings with Apple last year and said that the company responded, stating that it plans to address the issues. However, months have passed, and since the papers were published, the only official comment from Apple (to BleepingComputer) is this:

“We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats. Based on our analysis, we do not believe this issue poses an immediate risk to our users.”

Although these attacks don’t involve malware, they still begin with a visit to a malicious website. As always, the best way to protect yourself until we get security updates is to be careful of suspicious links and URLs while browsing.

Willow Roberts