Those Fancy New Apple M2, M3 And M4 Processors Are Leaking Data

Yes, Of Course It’s Speculative Execution

The new Apple Cortex series processors, aka M2, M3 and M4, have a problem which will be familiar to Intel and AMD users.  The first is called False Load Output Prediction (FLOP) and effects the M3 and M4 processors.  Their technique of predicting what memory addresses will next be accessed and the values present can be tricked into an incorrect prediction.  While the CPU is in that state, it is vulnerable to a cache timing attack which can be used by an attacker to guess values that need to remain secure in order for things like Safari’s sandbox function.  Researchers found that once they have the ability to escape the sandbox function to steal passwords, email data and even location data.

The second flaw is called Speculative Load Address Prediction (SLAP) and instead of targeting values stored in memory it goes after memory addresses.  This one applies to M2 as well as M3 and M4 chips, and similar to FLOP it leverages the training the CPU does for it’s speculative execution feature.  Once the CPU is used to the pattern being fed the pattern is changed and the CPU can be tricked into reading and revealing sensitive data.  A single attack is not quite enough to reveal all the data, however an attacker can perform this attack several times and harvest things like Gmail data or Amazon orders.

These two vulnerabilities are unpatched at the moment, and can be invisibly leveraged with a webpage that has been maliciously modified.  You can disable JavaScript to ensure your safety until the patches arrive, however that will break the majority of the internet for you.