this post was submitted on 30 Jan 2025
171 points (97.2% liked)

Technology

61227 readers
4947 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
171
Apple silicon is vulnerable to side-channel speculative execution attacks "FLOP" and "SLAP" (www.tomshardware.com)
submitted 1 day ago by [email protected] to c/[email protected]
19 comments fedilink hide all child comments
 

AI summary:

The article discusses two new side-channel speculative execution attacks targeting Apple silicon, named SLAP and FLOP. These attacks were presented by security researchers from the Georgia Institute of Technology and Ruhr University Bochum.

  • SLAP (Data Speculation Attacks via Load Address Prediction): Exploits Apple Silicon's Load Address Predictor, potentially leaking information like emails and browsing history.
  • FLOP (False Load Output Predictions): Exploits Apple Silicon's Load Value Predictor, potentially leaking sensitive data like credit card information and location history.

Apple has acknowledged these vulnerabilities but stated they do not pose an immediate risk to users. The researchers have not observed these attacks in the wild yet. Users can mitigate risks by disabling JavaScript in Safari, though this may cause compatibility issues with websites

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 4 hours ago* (last edited 4 hours ago)

a best guess as to what the next instruction or data it needs will be

More precisely it's speculating on the results of a yet to be executed (but already known) instruction, e.g. whether a branch will be taken or not, and begins to execute instructions in that branch before the final verdict of whether it will be taken is done. If it guessed right, it can just continue, if it guessed wrong, it has to cover its tracks, making sure that what it did is in no way observable. It's the latter part, "in no way observable", that all these security failures are about: If you can somehow observe that stuff, you might be able to observe stuff you're not supposed to see because the branch speculatively taken was "nope, you're not allowed to do this".

All that might be hard to grasp without an understanding how modern CPUs execute instructions, which very much is not "an instruction at a time", Computerphile has excellent videos about pipelining and branch prediction.