• Apple CPU security issue could let hackers steal user data from b

    From TechnologyDaily@1337:1/100 to All on Wed Jan 29 13:15:07 2025
    Apple CPU security issue could let hackers steal user data from browsers

    Date:
    Wed, 29 Jan 2025 13:03:10 +0000

    Description:
    Two worrying flaws have been found, so be on your guard.

    FULL STORY ======================================================================
    Academic researchers found two new speculative execution flaws
    The pair affect M2 and M3 processors
    Apple has acknowledged the flaws and said it would fix them

    Apple devices powered by the M2/A15 and M3/A17 chips are vulnerable to side-channel flaws which could put user data at risk of being stolen, experts have warned.

    Cybersecurity researchers from the Georgia Institute of Technology and Ruhr University Bochum recently published two separate papers detailing the two vulnerabilities, called FLOP and SLAP.

    These flaws, however, don't affect power consumption patterns during cryptographic operations, but rather speculative execution, similar to the dreaded Spectre and Meltdown vulnerabilities. Speculative execution is a technique used by processors to improve performance. It involves the CPU guessing the likely path of a program (like which instruction will be executed next) and starting to execute it before the actual decision is made. If the guess is correct, it speeds up processing; if not, the incorrect results are discarded.

    Practical application

    Explaining their findings to BleepingComputer, the researchers said mispredictions can lead to chips performing computations with the wrong data.

    "Starting with the M3/A17 generation, they attempt to predict the data value that will be returned from memory. However, mispredictions in these mechanisms can result in arbitrary computations being performed on out-of-bounds data or wrong data values," they said.

    Usually, when academic researchers find computer bugs, they are mostly theoretical, or otherwise extremely difficult to pull off in a real-life scenario. For these, however, the researchers explained how a threat actor could create a malicious website, containing JavaScript code, and use it to pull personally identifiable information from the victims.

    They shared their findings with Apple (in late March for SLAP, and in early September for FLOP), which acknowledged the findings and confirmed it would be working on a fix. However, it seems that the Cupertino behemoth won't be rushing, since it doesn't think the bugs are that big of a deal.

    "We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats," Apple told BleepingComputer.

    "Based on our analysis, we do not believe this issue poses an immediate risk to our users."

    Those interested in technical details can read the in-depth analysis here. These are the same researchers that discovered the iLeakage vulnerability a year and a half ago, BleepingComputer reminds. That one, too, was a side-channel flaw.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/apple-cpu-security-issue-could-see-devices-steal-user-data-from-browsers


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)