This post is also available in:
עברית (Hebrew)
Apple’s commitment to delivering both top-tier performance and robust security has long been a hallmark of its product line. However, new research by an international team of cybersecurity experts, including Yuval Yarom from Ruhr University Bochum, has uncovered two significant vulnerabilities in Apple’s latest M-series processors. These findings could have serious implications for the security of devices running on Apple’s M3 and M2 chips.
The research highlights flaws in Apple’s Load Value Predictor (LVP) and Load Address Predictor (LAP) mechanisms—key components in the company’s CPU architecture designed to speed up processing by predicting memory access.
In their first paper, “FLOP: Breaking the Apple M3 CPU via False Load Output Predictions,” the researchers demonstrated that when the LVP makes incorrect predictions, it can lead the processor to perform calculations based on wrong data. This speculative execution flaw opens the door for attackers to bypass critical security checks in program logic, exposing sensitive data such as passwords, credit card information, and other private details stored in memory. The vulnerabilities were found to affect web browsers like Safari and Chrome, potentially allowing hackers to access private browsing history and other personal information, according to TechXplore.
The second paper, “SLAP: Data Speculation Attacks via Load Address Prediction on Apple Silicon,” exposes a similar flaw in the LAP, which predicts the next memory address to be accessed by the CPU. When the LAP incorrectly guesses the address, the processor may initiate arbitrary calculations, putting user data at risk. This vulnerability enables potential attacks on the Safari browser, where attackers could gain access to sensitive content, such as emails and browser activity, TechXplore explains.
The research team, which includes Jason Kim, Jalen Chuang, and Daniel Genkin from Georgia Institute of Technology, reported these vulnerabilities to Apple’s Product Security Team last year as part of a responsible disclosure process.
The team’s discoveries highlight the ongoing challenges in balancing performance optimization with maintaining robust security. As Apple continues to develop more advanced processors, these findings emphasize the need for heightened security measures to protect users from emerging threats.
