Technology News
English Edition
  • Home
  • Internet
  • Internet News
  • Recent iPhone, Mac Models Susceptible to Side Channel Exploitation, Putting Sensitive Information at Risk: Report

Recent iPhone, Mac Models Susceptible to Side Channel Exploitation, Putting Sensitive Information at Risk: Report 4p373q

Even Apple's latest devices such as the iPhone 16 models and M4 Macs are at risk of exploitation. 2o1f1b

Written by Siddharth Suvarna | Updated: 29 January 2025 15:44 IST
Recent iPhone, Mac Models Susceptible to Side Channel Exploitation, Putting Sensitive Information at Risk: Report

Photo Credit: Apple 62m2c

iPhone 16 is one of the models affected, researchers say

Highlights
  • A and M-series chips are said to be susceptible to side-channel attacks
  • FLOP attack can steal data from Google Maps and iCloud Calendar
  • Attacks exploit speculative execution in Apple Silicon chipsets
ment

Security researchers have discovered new vulnerabilities in iPhone 16 models and M4 Macs could fall prey to this exploitation.

Apple Devices are at Risk 1ih5b

In an Ars Technica report, security researchers highlighted that the following Apple devices are at risk of being prone to sensitive data theft:

  1. All Mac laptops from 2022–present
  2. All iMac models from 2023–present
  3. All iPad Pro, Air, and Mini models from September 2021–present
  4. All iPhone models from September 2021–present

What Causes the Vulnerability 2h4b3s

Security researchers revealed that threat actors can exploit Apple's A and M-series chipsets by executing two types of side channel attacks. Rather than directly targeting algorithms or cryptographic defenses, these attacks involve exploitation of unintended system information, such as electromagnetic emissions, power consumption, timing, and even sound. The problem in Apple Silicon chips arises due to an optimisation technique used by the U called speculative execution. It predicts and executes instructions in advance, and even predicts the data flow to improve the processing speed.

The most dangerous of the two attacks is dubbed Floating-point Operations or FLOP, explain researchers. It exploits the speculative execution in the chips' load value predictor (LVP) — a component which predicts memory contents when they are not readily accessible. It induces forward values from malformed data to LVP to gain access to off-limit memory contents. With FLOP, threat actors can reportedly steal sensitive information like location history from Google Maps and events from the iCloud Calendar. This requires the victim to be logged in to Gmail or iCloud in one tab and the attacker site in another for an estimated five to 10-minute duration.

Highlighting the danger, researchers noted, “If the LVP guesses wrong, the U can perform arbitrary computations on incorrect data under speculative execution. This can cause critical checks in program logic for memory safety to be byed, opening attack surfaces for leaking secrets stored in memory.”

The second attack, called Speculative Load Address Prediction or SLAP, is reported to misuse load address predictor (LAP) on the Apple Silicon chips. It is a component which predicts the memory location from which the instruction set can be accessed. SLAP exploits this security feature by forcing it to load inaccurate memory addresses. This occurs when older load instruction values are forwarded to recently scheduled arbitrary instructions. Thus, when a opens a Gmail tab on Safari and another one on an attacker website, the latter is capable of accessings JavaScript code's sensitive strings which may enable them to read the contents of the email.

FLOP is said to be more dangerous than SLAP as it can not only read memory addresses in the browser address bar, but also works against both Safari.

Comments

For the latest reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: IMac
Shaurya Tomer
Shaurya Tomer
Shaurya Tomer is a Sub Editor at Gadgets 360 with 2 years of experience across a diverse spectrum of topics. With a particular focus on smartphones, gadgets and the ever-evolving landscape of artificial intelligence (AI), he often likes to explore the industry's intricacies and innovations – whether dissecting the latest smartphone release or exploring the ethical implications of AI advancements. In his free time, he often embarks on impromptu road trips to unwind, recharge, and ...More
Pioneer VREC-H120SC Dashcam Review: A Reliable Budget Dashcam
Elon Musk's Starlink Reportedly Submits Formal Acceptance of Licence Norms, Could Launch in India Soon

Related Stories x6q4h

Recent iPhone, Mac Models Susceptible to Side Channel Exploitation, Putting Sensitive Information at Risk: Report
Comment
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News

ment

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi

ment

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Xiaomi 15s Pro Design, Camera Details Teased Ahead of Launch Today
  2. Vi Rolls Out 'Nonstop Hero' Plan With Truly Unlimited Data and Calls
  3. Mistral's Coding Agent Devstral Outperforms OpenAI's GPT-4.1 Mini
  4. Sam Altman Reportedly Drops Clues About 'Secret' AI Device With Jony Ive
  5. Honor 400 Series Confirmed to Get Six Years of Android Updates
#Latest Stories
  1. SpaceX Successfully Launches 23 Starlink Satellites on Brand-New Falcon 9 Rocket
  2. Polaris Wasn’t Always the North Star: How Earth’s Wobble Shifts the Celestial Pole
  3. Scientists Warn of Inadequate Solar Storm Forecasting: What You Need to Know
  4. NASA’s Perseverance Explores Mars' Oldest Rocks in Krokodillen Region
  5. New Study Uses AI to Reveal Dry Origins of Mars’ Mysterious Slope Streaks
  6. Ancient 14,000-Year-Old Solar Storm Revealed as Strongest Ever Recorded in Earth’s History
  7. New Study Confirms TeV Halos Are Common in Middle-Aged Pulsars
  8. Capuchin Monkeys Abduct Baby Howler Monkeys on Panama’s Jicarón Island, New Study Reveals
  9. Sneaky Links: Dating After Dark Now Streaming on Netflix: What You Need to Know
  10. Devika & Danny OTT Release Date Revealed: When and Where to Watch It Online?
Gadgets 360 is available in
Follow Us
Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.
Trending Products »
Latest Tech News »