Vulnerabilities discovered in Apple processors: New research highlights risks

January 29, 2025

Apple advertises its products with high performance and strong security promises. However, recent research by an international team of cyber security experts shows serious vulnerabilities in Apple’s M and A processor series. The mechanisms for speculative execution of instructions, which are used, among other things, to increase efficiency, are particularly affected.

Vulnerabilities due to faulty prediction mechanisms

The vulnerabilities identified by the researchers affect the Load Value Predictor (LVP) and the Load Address Predictor (LAP) in Apple’s processors. These mechanisms are designed to make accessing data more efficient by predicting memory addresses and values. However, incorrect predictions can cause the CPU to perform speculative calculations that could reveal sensitive information.

FLOP: the dangers of the load value predictor

In the paper ‘FLOP: Breaking the Apple M3 CPU via False Load Output Predictions’, researchers Jason Kim, Jalen Chuang, Daniel Genkin (Georgia Institute of Technology) and Yuval Yarom (Ruhr University Bochum) demonstrate that the LVP can be misused for attacks. If the LVP predicts incorrect values, this can result in security checks being bypassed and attackers being able to read memory contents. Web browsers such as Safari and Chrome are particularly affected, as attackers could use them to spy on credit card data, search histories or calendar entries, for example.

SLAP: new threat from the Load Address Predictor

In a second paper entitled ‘SLAP: Data Speculation Attacks via Load Address Prediction on Apple Silicon’, the same research team examined the Load Address Predictor (LAP). This module predicts the next memory address from which the CPU will retrieve data. Incorrect predictions can enable attackers to execute calculations in an insecure state, allowing them to spy on email content or browser activity.

Significance of research for IT security

The discovery of these vulnerabilities highlights the challenges in developing powerful yet secure processor architectures. ‘Unfortunately, we repeatedly find that security often falls by the wayside,’ explains Prof. Dr. Yuval Yarom from the Ruhr University Bochum. The researchers reported the security vulnerabilities to Apple in May and September 2024, so that the manufacturer was able to take countermeasures.

The results of these investigations will be presented at renowned conferences: FLOP at the USENIX Security Symposium 2025 and SLAP at the IEEE Symposium on Security and Privacy 2025. Further information is available at https://predictors.fail/.

Conclusion

The latest findings regarding the vulnerabilities in Apple’s processors show that the balance between performance optimisation and security continues to be a major challenge. Manufacturers need to take a closer look at the potential risks of new technologies in order to better protect their products against attacks. For users, this means always installing the latest security updates and being aware of the possible risks.

Related Articles

Euralarm releases new white paper on fire alarm sensors

Euralarm releases new white paper on fire alarm sensors

Euralarm has published a White Paper on multi-sensor fire detectors and how these devices can help to reduce false alarms. The document is intended for fire safety professionals, building managers, and regulatory authorities. Fire detection is a critical component of...

Face recognition 2.0 from a great distance

Face recognition 2.0 from a great distance

LiDAR system from researchers at Heriot-Watt University impresses with extremely high resolution: Comparison of a LiDAR image with the original (Photo: Aongus McCarthy, hw.ac.uk) In the future, it will be possible to recognise a face from a distance of hundreds of...

‘SUPER’ races safely through treacherous terrain

‘SUPER’ races safely through treacherous terrain

Drones developed by engineers at the University of Hong Kong use LiDAR technology to orient themselves ‘SUPER’ is what roboticists at the University of Hong Kong (https://www.hku.hk/ ) call their new flying robot, which is designed to move through unfamiliar terrain...

Share This