New vulnerabilities have been identified in Apple’s proprietary Silicon chipsets, potentially exposing the technology giant to significant security threats. Reports indicate that both the A and M-series chipsets, which are integral to devices like the iPhone, iPad, and Mac, are vulnerable to side channel attacks. These attacks could allow cybercriminals to gain unauthorized access to sensitive data stored in applications including Google Maps and iCloud Calendar, data that is otherwise secured. Alarmingly, even the latest iPhone 16 models and M4 Macs are at risk of being compromised.
Apple Devices are at Risk
An article from Ars Technica outlines the scope of the vulnerability, specifying that the following Apple devices may be susceptible to potential data breaches:
- All Mac laptops released since 2022
- All iMac models launched in 2023 and later
- All iPad Pro, Air, and Mini variants from September 2021 onward
- All iPhone models introduced since September 2021
What Causes the Vulnerability
Researchers explain that the vulnerabilities in Apple’s A and M-series chipsets are rooted in the usage of two distinct types of side channel attacks. These attacks do not explicitly target algorithms or cryptographic protocols; instead, they exploit unintended system data such as electromagnetic emissions, power usage, timing, and even auditory signals. The core issue with Apple’s Silicon chips stems from a technique known as speculative execution, which allows the CPU to anticipate and pre-execute instructions, thereby improving processing efficiency.
The most critical of these attacks is termed Floating-point Operations, or FLOP, according to the researchers. This method capitalizes on the speculative execution capabilities of the chips’ load value predictor (LVP), enabling attackers to gain unauthorized access to memory contents that would typically remain protected. Through this exploitation, attackers can potentially extract sensitive information, including location data from Google Maps and calendar events from iCloud, given that the victim is logged into their Gmail or iCloud account alongside an attacker-operated website for a span of five to ten minutes.
Researchers emphasized the risks associated with this vulnerability: “If the LVP makes incorrect predictions, the CPU may perform computations on incorrect data under speculative execution. This misstep can circumvent critical memory safety checks, thereby exposing attack surfaces that allow secret leakage.”
The second type of vulnerability, dubbed Speculative Load Address Prediction (SLAP), exploits a similar security feature known as the load address predictor (LAP) within Apple’s Silicon architecture. This component predicts memory locations needed for processing instructions. Through SLAP, attackers can manipulate LAP to load incorrect memory addresses, which can facilitate the accessing of sensitive data from JavaScript on sites opened alongside Gmail in a web browser.
While both attacks pose significant risks, FLOP is considered more severe as it can read memory addresses in browser toolbars and affects multiple browsers, including both Google Chrome and Safari.
