Apple has always promoted its processors as both fast and secure.
But a team of international cybersecurity researchers has now discovered two major security flaws in Apple’s latest chips, which could put users’ sensitive data at risk.
The researchers, including experts from the Georgia Institute of Technology and Ruhr University Bochum in Germany, will present their findings at top cybersecurity conferences, IEEE SP 2025 and USENIX Security 2025.
To make Apple’s M-series and A-series chips faster, Apple uses prediction technology to speed up data processing.
The researchers focused on two key features in these processors that try to predict data before it’s needed.
- FLOP Attack – False Load Output Predictions
- Apple’s Load Value Predictor (LVP) guesses future data values to speed up processing.
- If this prediction is wrong, the processor briefly works with incorrect data before correcting itself.
- This flaw can allow attackers to bypass security checks and gain access to sensitive information stored in memory.
- This could affect web browsers like Safari and Chrome, potentially exposing data such as credit card details, search history, and calendar events.
- SLAP Attack – Load Address Prediction Flaw
- Apple processors use a Load Address Predictor (LAP) to guess where data will be stored next.
- If the LAP makes a mistake, attackers can trick the processor into running unauthorized calculations.
- This flaw could allow hackers to spy on email content and browser activity in Safari.
These security flaws could be used by hackers to steal personal information without users even realizing it.
Attackers could gain access to stored passwords, browsing history, and sensitive emails simply by exploiting these weaknesses.
The researchers alerted Apple to these issues in May and September last year, following a responsible disclosure process.
This gave Apple time to work on security updates to fix the vulnerabilities before making the research public. However, Apple has not yet released official details on how it plans to address these risks.
- Keep your devices updated – Install all security updates as soon as Apple releases them.
- Be cautious with sensitive activities – Avoid entering financial or personal details on untrusted websites.
- Use security tools – Consider using additional security software or browser extensions for extra protection.
While Apple is known for its strong security, these findings show that even the best systems can have flaws. Hopefully, Apple will release fixes soon to keep users safe from these new threats.
