
Security researchers have discovered new vulnerabilities in Apple's in-house silicon that could expose it to exploitation, a report said. The Cupertino-based company's A-series and M-series chipsets, which power the iPhone/iPad and the Mac respectively, are said to be vulnerable to side-channel attacks that may allow threat actors to read memory contents that would otherwise be restricted, including data from Google Maps and iCloud Calendar. The report suggests that even the latest iPhone 16 models and M4 Macs may be affected.
Apple devices at risk
In the Ars Technica report, security researchers stressed that the following Apple devices are at risk of sensitive data theft:
- All Mac laptops from 2022
- All 2023 iMac models
- All iPad Pro, Air and Mini models from September 2021 onward
- All iPhone models from September 2021 onward
What causes the vulnerability
Security researchers revealed that threat actors can exploit Apple's A-series and M-series chipsets through two kinds of side-channel attacks. Such attacks do not target algorithms or encryption defenses directly; they exploit unintended system information such as electromagnetic emissions, power consumption, timing and even sound. The problem in Apple Silicon stems from a CPU optimization technique called speculative execution, which predicts and executes instructions ahead of time, and can even predict the data they will operate on, in order to increase processing speed.
The more dangerous of the two attacks is called FLOP (False Load Output Predictions), the researchers explained. It takes advantage of speculative execution in the chip's load value predictor (LVP), which guesses the value of a load when the memory content is not yet available. The attack induces the LVP to forward incorrect values, allowing access to restricted memory contents. Using FLOP, threat actors can steal sensitive information, such as data from Google Maps and events in iCloud Calendar. This requires the victim to be logged in to Gmail or iCloud in one tab while an attacker's site is open in another tab, for an estimated five to ten minutes.
Stressing the danger, the researchers noted: "If the LVP guesses wrong, the CPU can perform arbitrary computations on incorrect data under speculative execution. This could lead to critical checks in program logic that ensure memory safety being bypassed, opening the attack surface to leak secrets stored in memory."
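As an added illustration (not code from the researchers or from the report), the following toy Python model shows the failure mode the quote describes: once a load value predictor has seen the same length several times, a stale prediction lets a bounds check pass transiently, so a dependent load touches memory that the real length no longer permits. The predictor design, the `bounds_checked_read` program and the `run_scenario` inputs are assumptions made for illustration and do not reflect Apple's actual microarchitecture.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

@dataclass
class LoadValuePredictor:
    """Toy per-instruction load value predictor (assumed design, not Apple's):
    after `threshold` identical observations it predicts that value so that
    dependent instructions can run before the real load completes."""
    threshold: int = 3
    enabled: bool = True
    last: Dict[str, int] = field(default_factory=dict)
    hits: Dict[str, int] = field(default_factory=dict)

    def predict(self, pc: str) -> Optional[int]:
        if self.enabled and self.hits.get(pc, 0) >= self.threshold:
            return self.last[pc]
        return None

    def update(self, pc: str, actual: int) -> None:
        if self.last.get(pc) == actual:
            self.hits[pc] += 1
        else:
            self.last[pc], self.hits[pc] = actual, 1

def bounds_checked_read(mem: Dict[str, int], data: List[int],
                        lvp: LoadValuePredictor) -> Tuple[Optional[int], Optional[int]]:
    """Models `n = *len_ptr; if idx < n: x = data[idx]`.
    Returns (architectural result, index touched only transiently, if any)."""
    actual_len, idx = mem["len"], mem["idx"]
    transient = None
    predicted = lvp.predict("load_len")
    if predicted is not None and predicted != actual_len and idx < predicted:
        # Misprediction: the check sees the stale length, and the dependent
        # load executes before the CPU squashes the wrong path.
        if not idx < actual_len:
            transient = idx  # out-of-bounds read leaves a cache footprint
    lvp.update("load_len", actual_len)  # the real load resolves afterwards
    result = data[idx] if idx < actual_len else None
    return result, transient

def run_scenario(enabled: bool = True) -> Tuple[Optional[int], Optional[int]]:
    """Constructed scenario: len is 8 for three calls, then shrinks to 2 while idx=5."""
    lvp = LoadValuePredictor(enabled=enabled)
    data = list(range(100, 108))  # backing buffer of 8 elements
    mem = {"len": 8, "idx": 1}
    for _ in range(3):
        bounds_checked_read(mem, data, lvp)
    mem["len"], mem["idx"] = 2, 5
    return bounds_checked_read(mem, data, lvp)
```

With the predictor enabled `run_scenario()` returns `(None, 5)`: the architectural result is correctly rejected, yet index 5 was read transiently; with the predictor disabled no transient access occurs.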
The second attack, known as Speculative Load Address Prediction or SLAP, reportedly abuses the load address predictor (LAP) in Apple Silicon, a component that predicts the memory address the next load instruction will access. SLAP takes advantage of this feature by causing loads from incorrect memory addresses. This happens when the value of an older load instruction is forwarded to a more recent, speculatively scheduled instruction. So when a user has Gmail open in one Safari tab and the attacker's website in another, the latter is able to read sensitive JavaScript strings, which may allow it to read the contents of the email.
FLOP is said to be more dangerous than SLAP because it not only reads memory addresses in the browser but also affects both Google Chrome and Safari.