- Academic researchers found two new speculative execution flaws
- The pair affects M2 and M3 processors
- Apple has acknowledged the flaws and said it would fix them
Apple devices powered by M2/A15 and M3/A17 chips are vulnerable to side-channel flaws that could put user data at risk of being stolen, experts warned.
Cybersecurity researchers from the Georgia Institute of Technology and Ruhr University Bochum recently published two separate papers detailing the two vulnerabilities, called FLOP and SLAP.
However, these flaws do not involve power consumption patterns during cryptographic operations, but rather speculative execution, similar to the dreaded Spectre and Meltdown vulnerabilities. Speculative execution is a technique used by processors to improve performance. It involves the CPU guessing the likely path of a program (such as which instruction will be executed next) and starting to execute it before the actual decision is made. If the guess is correct, processing speeds up; if not, the incorrect results are discarded.
Practical application
Explaining their findings to BleepingComputer, the researchers said that erroneous predictions can lead to chips performing calculations on incorrect data.
“Starting with the M3/A17 generation, they try to predict the value of data that will be returned from the memory. However, erroneous predictions in these mechanisms can result in arbitrary calculations being performed on out-of-bounds data or incorrect data values,” they said.
In general, when academic researchers find computer flaws, they are mostly theoretical or extremely difficult to exploit in a real-life scenario. For these, however, the researchers explained how a threat actor could create a malicious website containing JavaScript code and use it to extract personally identifiable information from victims.
They shared their findings with Apple (at the end of March for SLAP, and at the beginning of September for FLOP), which acknowledged them and confirmed that it would be working on a fix. However, it seems the Cupertino giant will not rush, since it does not believe the flaws are that serious.
“We want to thank the researchers for their collaboration, since this proof of concept advances our understanding of this type of threat,” Apple told BleepingComputer.
“According to our analysis, we do not believe that this problem represents an immediate risk for our users.”
Those interested in technical details can read the in-depth analysis here. These are the same researchers who discovered the iLeakage vulnerability a year and a half ago, BleepingComputer notes. That was also a side-channel flaw.