• Home
  • Internet
  • Internet News
  • Recent iPhone, Mac Models Susceptible to Side Channel Exploitation, Putting Sensitive Information at Risk: Report

Recent iPhone, Mac Models Susceptible to Side Channel Exploitation, Putting Sensitive Information at Risk: Report

Even Apple's latest devices such as the iPhone 16 models and M4 Macs are at risk of exploitation.

Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News
Recent iPhone, Mac Models Susceptible to Side Channel Exploitation, Putting Sensitive Information at Risk: Report

Photo Credit: Apple

iPhone 16 is one of the models affected, researchers say

Highlights
  • A and M-series chips are said to be susceptible to side-channel attacks
  • FLOP attack can steal data from Google Maps and iCloud Calendar
  • Attacks exploit speculative execution in Apple Silicon chipsets
Advertisement

Security researchers have discovered new vulnerabilities in Apple's in-house Silicon chipsets which may leave it exposed to exploitation, according to a report. The Cupertino-based technology company's A and M-series chipsets, which power the iPhone/iPad and Mac, respectively, are said to be susceptible to side channel attacks which may allow threat actors to access the memory contents, including data from apps like Google Maps and iCloud Calendar, that may otherwise be off limits. The report reveals that even the latest iPhone 16 models and M4 Macs could fall prey to this exploitation.

Apple Devices are at Risk

In an Ars Technica report, security researchers highlighted that the following Apple devices are at risk of being prone to sensitive data theft:

  1. All Mac laptops from 2022–present
  2. All iMac models from 2023–present
  3. All iPad Pro, Air, and Mini models from September 2021–present
  4. All iPhone models from September 2021–present

What Causes the Vulnerability

Security researchers revealed that threat actors can exploit Apple's A and M-series chipsets by executing two types of side channel attacks. Rather than directly targeting algorithms or cryptographic defenses, these attacks involve exploitation of unintended system information, such as electromagnetic emissions, power consumption, timing, and even sound. The problem in Apple Silicon chips arises due to an optimisation technique used by the CPU called speculative execution. It predicts and executes instructions in advance, and even predicts the data flow to improve the processing speed.

The most dangerous of the two attacks is dubbed Floating-point Operations or FLOP, explain researchers. It exploits the speculative execution in the chips' load value predictor (LVP) — a component which predicts memory contents when they are not readily accessible. It induces forward values from malformed data to LVP to gain access to off-limit memory contents. With FLOP, threat actors can reportedly steal sensitive information like location history from Google Maps and events from the iCloud Calendar. This requires the victim to be logged in to Gmail or iCloud in one tab and the attacker site in another for an estimated five to 10-minute duration.

Highlighting the danger, researchers noted, “If the LVP guesses wrong, the CPU can perform arbitrary computations on incorrect data under speculative execution. This can cause critical checks in program logic for memory safety to be bypassed, opening attack surfaces for leaking secrets stored in memory.”

The second attack, called Speculative Load Address Prediction or SLAP, is reported to misuse load address predictor (LAP) on the Apple Silicon chips. It is a component which predicts the memory location from which the instruction set can be accessed. SLAP exploits this security feature by forcing it to load inaccurate memory addresses. This occurs when older load instruction values are forwarded to recently scheduled arbitrary instructions. Thus, when a user opens a Gmail tab on Safari and another one on an attacker website, the latter is capable of accessings JavaScript code's sensitive strings which may enable them to read the contents of the email.

FLOP is said to be more dangerous than SLAP as it can not only read memory addresses in the browser address bar, but also works against both Google Chrome and Safari.

Play Video
Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Shaurya Tomer
Shaurya Tomer is a Sub Editor at Gadgets 360 with 2 years of experience across a diverse spectrum of topics. With a particular focus on smartphones, gadgets and the ever-evolving landscape of artificial intelligence... more  »
Pioneer VREC-H120SC Dashcam Review: A Reliable Budget Dashcam
Elon Musk's Starlink Reportedly Submits Formal Acceptance of Licence Norms, Could Launch in India Soon

Advertisement

Follow Us
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.
Trending Products »
Latest Tech News »