- Academic researchers found two new speculative execution flaws
- The pair are affecting M2 and M3 processors
- Apple has acknowledged the flaws, and said it would fix it
Apple devices powered with the M2/A15 and M3/A17 chips are vulnerable to side-channel flaws which could put user data at risk of being stolen, experts have warned.
Cybersecurity researchers from the Georgia Institute of Technology and Ruhr University Bochum, who recently published two separate papers, detailing the two vulnerabilities called FLOP and SLAP.
These flaws, however, don’t affect power consumption patterns during cryptographic operations, but rather speculative execution, similar to what the dreaded Spectre and Meltdown vulnerabilities were. Speculative execution is a technique used by processors to improve performance. It involves the CPU guessing the likely path of a program (like which instruction will be executed next) and starting to execute it before the actual decision is made. If the guess is correct, it speeds up processing; if not, the incorrect results are discarded.
Practical application
Explaining their findings to BleepingComputer, the researchers said mispredictions can lead to chips performing computations with the wrong data.
“Starting with the M3/A17 generation, they attempt to predict the data value that will be returned from memory. However, mispredictions in these mechanisms can result in arbitrary computations being performed on out-of-bounds data or wrong data values,” they said.
Usually, when academic researchers find computer bugs, they are mostly theoretical, or otherwise extremely difficult to pull off in a real-life scenario. For these, however, the researchers explained how a threat actor could create a malicious website, containing JavaScript code, and use it to pull personally identifiable information from the victims.
They shared their findings with Apple (in late March for SLAP, and in early September for FLOP), who acknowledged their findings and confirmed it would be working on a fix. However, it seems that the Cupertino behemoth won’t be rushing, since it doesn’t think the bugs are that big of a deal
“We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats,” Apple told BleepingComputer.
“Based on our analysis, we do not believe this issue poses an immediate risk to our users.”
Those interested in technical details can read the in-depth analysis here. These are the same researchers that discovered the iLeakage vulnerability a year and a half ago, BleepingComputer reminds. That one, too, was a side-channel flaw.
Leave a comment