Home » News » Apple chips can be hacked to leak secrets from Gmail, iCloud, and more

Apple chips can be hacked to leak secrets from Gmail, iCloud, and more

Apple chips can be hacked to leak secrets from Gmail, iCloud, and more
May Be Interested In:Starmer plays up patriotic credentials as local elections in England loom



Apple-designed chips powering Macs, iPhones, and iPads contain two newly discovered vulnerabilities that leak credit card information, locations, and other sensitive data from the Chrome and Safari browsers as they visit sites such as iCloud Calendar, Google Maps, and Proton Mail.

The vulnerabilities, affecting the CPUs in later generations of Apple A- and M-series chip sets, open them to side channel attacks, a class of exploit that infers secrets by measuring manifestations such as timing, sound, and power consumption. Both side channels are the result of the chips’ use of speculative execution, a performance optimization that improves speed by predicting the control flow the CPUs should take and following that path, rather than the instruction order in the program.

A new direction

The Apple silicon affected takes speculative execution in new directions. Besides predicting control flow CPUs should take, it also predicts the data flow, such as which memory address to load from and what value will be returned from memory.

The most powerful of the two side-channel attacks is named FLOP. It exploits a form of speculative execution implemented in the chips’ load value predictor (LVP), which predicts the contents of memory when they’re not immediately available. By inducing the LVP to forward values from malformed data, an attacker can read memory contents that would normally be off-limits. The attack can be leveraged to steal a target’s location history from Google Maps, inbox content from Proton Mail, and events stored in iCloud Calendar.

SLAP, meanwhile, abuses the load address predictor (LAP). Whereas LVP predicts the values of memory content, LAP predicts the memory locations where instruction data can be accessed. SLAP forces the LAP to predict the wrong memory addresses. Specifically, the value at an older load instruction’s predicted address is forwarded to younger arbitrary instructions. When Safari has one tab open on a targeted website such as Gmail, and another open tab on an attacker site, the latter can access sensitive strings of JavaScript code of the former, making it possible to read email contents.

share Share facebook pinterest whatsapp x print

Similar Content

Zomato: No Quick Returns Amid Steep Competition - Forbes India
Zomato: No Quick Returns Amid Steep Competition – Forbes India March 18, 2025
Ars online IT roundtable: What’s the future of the data center?
Ars online IT roundtable: What’s the future of the data center? January 21, 2021
Calcium supplement: Excess of THIS supplement can cause heart attack | - The Times of India
Calcium supplement: Excess of THIS supplement can cause heart attack | – The Times of India January 19, 2025
Drake Announces 2025 Australia & NZ Tour Dates - Spotlight Report
Drake Announces 2025 Australia & NZ Tour Dates – Spotlight Report November 29, 2024
The real Novak Djokovic tries to stand up in front of Serena Williams in Miami
The real Novak Djokovic tries to stand up in front of Serena Williams in Miami March 26, 2025
Transfer news LIVE! Arsenal eye Isak alternative; Kerkez to Liverpool
Transfer news LIVE! Arsenal eye Isak alternative; Kerkez to Liverpool March 28, 2025
Breaking Barriers: The Stories that Move Us | © 2025 | Daily News