AI summary:

The article discusses two new side-channel speculative execution attacks targeting Apple silicon, named SLAP and FLOP. These attacks were presented by security researchers from the Georgia Institute of Technology and Ruhr University Bochum.

  • SLAP (Data Speculation Attacks via Load Address Prediction): Exploits Apple Silicon’s Load Address Predictor, potentially leaking information like emails and browsing history.
  • FLOP (False Load Output Predictions): Exploits Apple Silicon’s Load Value Predictor, potentially leaking sensitive data like credit card information and location history.

Apple has acknowledged these vulnerabilities but stated they do not pose an immediate risk to users. The researchers have not observed these attacks in the wild yet. Users can mitigate risks by disabling JavaScript in Safari, though this may cause compatibility issues with websites.

  • barsoap@lemm.ee
    6 hours ago

    a best guess as to what the next instruction or data it needs will be

    More precisely, it’s speculating on the results of a yet to be executed (but already known) instruction, e.g. whether a branch will be taken or not, and begins to execute instructions in that branch before the final verdict of whether it will be taken is done. If it guessed right, it can just continue; if it guessed wrong, it has to cover its tracks, making sure that what it did is in no way observable. It’s the latter part, “in no way observable”, that all these security failures are about: if you can somehow observe that stuff, you might be able to observe stuff you’re not supposed to see because the branch speculatively taken was “nope, you’re not allowed to do this”.

    All that might be hard to grasp without an understanding of how modern CPUs execute instructions, which very much is not “an instruction at a time”. Computerphile has excellent videos about pipelining and branch prediction.
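
A toy model of the point made in the comment above, added here as an illustration and not part of the original thread or of the researchers' work: a mispredicted bounds check is squashed, the register is rolled back, but a cache line touched during speculation stays behind unless the squash also restores the cache. `ToyCPU`, `checked_load`, `observe`, `run` and all values are hypothetical, and no real hardware behaviour is measured.

```python
# Toy model (constructed for illustration): no real hardware is touched.
SECRET = 42                      # constructed value the program may not read
PUBLIC = [1, 2, 3, 4]            # array the program is allowed to index
MEMORY = PUBLIC + [SECRET]       # the secret sits just past the array


class ToyCPU:
    def __init__(self, squash_cleans_cache):
        self.reg = 0                       # architectural state (program-visible)
        self.cache = set()                 # microarchitectural state (timing-visible)
        self.squash_cleans_cache = squash_cleans_cache

    def checked_load(self, index, predict_in_bounds=True):
        """Models: if index < len(PUBLIC): reg = MEMORY[index]; touch line reg."""
        saved_reg, saved_cache = self.reg, set(self.cache)
        if predict_in_bounds:              # guess made before the check resolves
            self.reg = MEMORY[index]       # speculative load
            self.cache.add(self.reg)       # dependent access fills a cache line
        in_bounds = index < len(PUBLIC)    # the check finally resolves
        if predict_in_bounds and not in_bounds:
            self.reg = saved_reg           # wrong guess: registers are rolled back
            if self.squash_cleans_cache:
                self.cache = saved_cache   # tracks fully covered
        elif in_bounds and not predict_in_bounds:
            self.reg = MEMORY[index]       # right path executed after the check
            self.cache.add(self.reg)
        return in_bounds


def observe(cpu):
    """What timing the cache lines could reveal: which lines are present."""
    return sorted(cpu.cache)


def run(squash_cleans_cache):
    cpu = ToyCPU(squash_cleans_cache)
    allowed = cpu.checked_load(len(PUBLIC))   # out of bounds: "not allowed"
    return allowed, cpu.reg, observe(cpu)


if __name__ == "__main__":
    print("squash leaves cache:  ", run(False))
    print("squash restores cache:", run(True))
```

In both runs the access is refused and the register never holds the secret; the only difference is whether the cache, which sits outside the architectural state, still encodes it.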