Skip to main content
  1. Home
  2. Computing
  3. News

Apple isn’t addressing hardware threat to M-series Macs

Add as a preferred source on Google
A person running Steam on the M4 MacBook Pro. Rocket League is up on the screen
Chris Hagan / Digital Trends

Security researchers have discovered new security flaws affecting Apple devices with M2 or A15 chips and onwards. This includes iPhones, iPads, Mac laptops, and Mac desktops. The vulnerabilities, dubbed SLAP and FLOP and first reported by Bleeping Computer, could allow attackers to read information from a user’s open web tabs. Depending on the tabs you have open, this could put sensitive data like passwords and banking information at risk. 

This isn’t a software problem, but rather a hardware flaw that affects CPUs and leaves them vulnerable to side channel attacks. This kind of exploit measures CPU activity and uses factors like power consumption, timing, and sound to infer information about the user’s behavior. The Spectre and Meltdown flaws from 2018 worked in a similar way.

Recommended Videos

It’s pretty complicated stuff, but the important part is that it makes it possible for attackers to get their hands on sensitive information even when it’s properly protected by the software your PC is running. The cause of these weaknesses isn’t purely an Apple problem, it’s a performance optimization that’s used on most modern CPUs.

Computer programs are just a long series of instructions that the CPU executes, but because there are so many different outcomes to cover, those instructions expand into all sorts of different branches. “If A then do X, if B then do Y,” or “If A happens, return to point X” — in a large program, millions of decisions like these happen in order to progress. 

To speed things up, it’s now standard practice to predict which path the CPU should take and start executing instructions further down the line. This way, more work can be done at the same time, rather than every instruction waiting for its turn in the proper order. 

This optimization is called speculative execution or branch prediction, and because it’s based on predictions, it doesn’t always go well. It’s when the predictions backfire that we get these hardware vulnerabilities that attackers can take advantage of. 

SLAP and FLOP flaws on Apple Silicon.
predictors.fail / predictors.fail

The full names of the new flaws are “Data Speculation Attacks via Load Address Prediction on Apple Silicon (SLAP)” and “Breaking the Apple M3 CPU via False Load Output Predictions (FLOP).” They both cause essentially the same problem, but while SLAP is limited to the Safari browser, FLOP works with Chrome as well. 

The research proves with demos that attacks based on these flaws are possible, but there’s no evidence of any cybercriminals using them at the moment. The researchers shared their findings with Apple last year and said that the company responded, stating that it plans to address the issues. However, months have passed and since the papers have been published, the only official comment from Apple (to BleepingComputer) is this:

“We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats. Based on our analysis, we do not believe this issue poses an immediate risk to our users.”

Although these attacks don’t involve malware, they still begin with a visit to a malicious website. As always, the best way to protect yourself until we get security updates is to be careful of suspicious links and URLs while browsing.

Willow Roberts
Willow Roberts has been a Computing Writer at Digital Trends for a year and has been writing for about a decade. She has a…
I let Radial menu take over my Mac, and I’m never going back
One mouse jiggle, endless shortcuts. My Mac has never felt this fast.
Radial app running on Mac

I have been testing Radial for the past week, and it's quickly become one of those apps I didn’t know how I could live without. It's a radial menu for macOS that puts your shortcuts, scripts, and automations right where your cursor is, so you never have to go hunting through menus to find what you need.

The app just received its 5.0 update, adding AI actions powered by Claude, window layouts, variables, a redesigned settings interface, a new Atmosphere background effect, and a squircle menu shape. I got to try most of these, and here's what I found.

Read more
Android desktop mode made me miss my laptop in record time
I tried writing and publishing from Google’s phone-to-monitor setup, and the future of mobile computing immediately started sweating.
Computer, Electronics, Laptop

Android 17 desktop mode has a very simple pitch. Plug your phone into a monitor, add a keyboard and mouse, and watch the slab in your pocket pretend to be a computer. I wanted to give that pitch a fair shot, so I tried using it for an actual workday instead of a cute demo.

The goal was boring on purpose: write an article, edit it, build the page in WordPress, upload whatever needed uploading, and publish the thing without running back to my laptop like a coward.

Read more
As AI turbocharges digital abuse, UK agencies urge parents to limit who sees kids’ photos online
The National Crime Agency and Internet Watch Foundation are asking parents to tighten privacy settings as AI-generated abuse material rises.
Social Media

Parents who post pictures of their kids online are being told to rethink the habit. The UK's National Crime Agency and the Internet Watch Foundation have issued new guidance urging families to lock down their social media accounts, warning that publicly shared photos are increasingly being pulled and altered by AI tools to create child sexual abuse material.

The two organizations say most parents have no idea this is happening. Criminals no longer need to contact a child directly to generate such material. They can scrape an ordinary photo and run it through widely available nudify apps.

Read more