
New Apple chip flaws leak sensitive browser data

07 August 2025


FLOP and SLAP attacks make a mockery of Job’s Mob's ‘secure by design’ claims

The fruity cargo cult Apple is having a rough time defending its so-called security-first design philosophy after researchers found two serious vulnerabilities in its custom silicon that can quietly siphon off browser data like credit card details, email contents and location history.

The flaws, known as FLOP and SLAP, affect A- and M-series chips inside recent iPhones, iPads and Macs. For those who came in late, these are the same processors that Apple and its minions in the Tame Apple Press brag about in marketing, calling them cutting-edge and secure. However, they are wide open to speculative execution side-channel attacks, a trick borrowed straight from the Meltdown and Spectre playbook.

FLOP, short for Faulty Load Operation Predictor, targets the Load Value Predictor by feeding it garbage guesses during speculative execution. When the chip preloads the wrong data, the attacker gets a peek at what is sitting in memory. This works across both Safari and Chrome and gives access to anything the user is already logged into, including Gmail, iCloud Calendar and Proton Mail.

All it takes is visiting a malicious website. No malware, pop-ups or dodgy downloads. Apple fanboys just have to click and bleed.

SLAP, or Speculative Load Address Predictor, hits another speculative feature in Apple silicon and pulls memory from other open browser tabs. It is limited to Safari and only reads data near the attacker’s own memory space, but it still bypasses browser process isolation.

The researchers said both issues have been shared with Apple, which has indicated that patches are in the works. Apple has refused to confirm all this publicly. We imagine it fears that it will cause a crisis of faith in Apple fanboys who might stop saying their prayers to Steve Jobs and be tempted to go off and find a better phone for half the price.

An Apple spokesperson said: “We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats. Based on our analysis, we do not believe this issue poses an immediate risk to our users.”

That’s not exactly the hard-nosed security stance Job’s Mob sells to punters when pushing $1000 phones and laptops. For a company that bangs on about privacy being a fundamental human right, this kind of flaw is more than a little embarrassing.

The devices affected include any M-series Mac released from 2022, and iPhones and iPads going back to September 2021.

Last modified on 07 August 2025