Search

Recent iPhone, Mac Models Susceptible to Side Channel Exploitation, Putting Sensitive Information at Risk: Report

Even Apple's latest devices such as the iPhone 16 models and M4 Macs are at risk of exploitation.

Advertisement
Highlights
  • A and M-series chips are said to be susceptible to side-channel attacks
  • FLOP attack can steal data from Google Maps and iCloud Calendar
  • Attacks exploit speculative execution in Apple Silicon chipsets
Recent iPhone, Mac Models Susceptible to Side Channel Exploitation, Putting Sensitive Information at Risk: Report

iPhone 16 is one of the models affected, researchers say

Photo Credit: Apple

Security researchers have discovered new vulnerabilities in Apple's in-house Silicon chipsets which may leave it exposed to exploitation, according to a report. The Cupertino-based technology company's A and M-series chipsets, which power the iPhone/iPad and Mac, respectively, are said to be susceptible to side channel attacks which may allow threat actors to access the memory contents, including data from apps like Google Maps and iCloud Calendar, that may otherwise be off limits. The report reveals that even the latest iPhone 16 models and M4 Macs could fall prey to this exploitation.

Apple Devices are at Risk

In an Ars Technica report, security researchers highlighted that the following Apple devices are at risk of being prone to sensitive data theft:

  1. All Mac laptops from 2022–present
  2. All iMac models from 2023–present
  3. All iPad Pro, Air, and Mini models from September 2021–present
  4. All iPhone models from September 2021–present

What Causes the Vulnerability

Security researchers revealed that threat actors can exploit Apple's A and M-series chipsets by executing two types of side channel attacks. Rather than directly targeting algorithms or cryptographic defenses, these attacks involve exploitation of unintended system information, such as electromagnetic emissions, power consumption, timing, and even sound. The problem in Apple Silicon chips arises due to an optimisation technique used by the CPU called speculative execution. It predicts and executes instructions in advance, and even predicts the data flow to improve the processing speed.

The most dangerous of the two attacks is dubbed Floating-point Operations or FLOP, explain researchers. It exploits the speculative execution in the chips' load value predictor (LVP) — a component which predicts memory contents when they are not readily accessible. It induces forward values from malformed data to LVP to gain access to off-limit memory contents. With FLOP, threat actors can reportedly steal sensitive information like location history from Google Maps and events from the iCloud Calendar. This requires the victim to be logged in to Gmail or iCloud in one tab and the attacker site in another for an estimated five to 10-minute duration.

Highlighting the danger, researchers noted, “If the LVP guesses wrong, the CPU can perform arbitrary computations on incorrect data under speculative execution. This can cause critical checks in program logic for memory safety to be bypassed, opening attack surfaces for leaking secrets stored in memory.”

The second attack, called Speculative Load Address Prediction or SLAP, is reported to misuse load address predictor (LAP) on the Apple Silicon chips. It is a component which predicts the memory location from which the instruction set can be accessed. SLAP exploits this security feature by forcing it to load inaccurate memory addresses. This occurs when older load instruction values are forwarded to recently scheduled arbitrary instructions. Thus, when a user opens a Gmail tab on Safari and another one on an attacker website, the latter is capable of accessings JavaScript code's sensitive strings which may enable them to read the contents of the email.

FLOP is said to be more dangerous than SLAP as it can not only read memory addresses in the browser address bar, but also works against both Google Chrome and Safari.

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

 
Show Full Article
Please wait...
Advertisement

Related Stories

Popular Mobile Brands
  1. Vivo T4x 5G to Launch in India Soon; Price, Availability Revealed
  2. Redmi Note 14 5G Gets a New Colour Option in India
  3. Perplexity Launches Deep Research to Rival OpenAI and Google
  1. Redmi Note 14 5G Ivy Green Colour Variant Launched in India: Price, Specifications
  2. Vivo T4x 5G to Launch in India Soon; Price Range, Availability Confirmed
  3. Perplexity Introduces Deep Research That Can Generate Expert-Level Reports on Complex Topics
  4. Blue Origin Prepares Second New Glenn Launch, Aims for Better Landing
  5. Curiosity Rover Observes Iridescent Clouds on Mars, Offering New Insights
  6. Genetic Mutations May Directly Influence Epigenetic Clocks and Aging
  7. Astronomers Spot a High-Speed Star That May Carry a Planet With It
  8. Prowatch X With 1.43-Inch AMOLED Screen, IP68 Rating Launched in India
  9. Webb Telescope Unveils Hidden Process Behind Star Formation in Phoenix Cluster
  10. Quantum Research Reveals Time May Not Always Move Forward
Gadgets 360 is available in
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.
Trending Products »
Latest Tech News »