Geeks for your information Security Security Vendors Kaspersky Kaspersky Security Blog v
SLAP and FLOP: Complex vulnerabilities in Apple CPUs
SLAP and FLOP: Complex vulnerabilities in Apple CPUs
harlan4096 Offline
MalWare Zoo Team
*******
Posts: 14,500
Threads: 9,547
Thanks Received: 9,040 in 7,190 posts
Thanks Given: 9,815
Joined: 12 September 18
#1
Bug  11 February 25, 09:38
Quote:New research demonstrates for the first time how hardware vulnerabilities in modern CPUs can be exploited in practice.

Researchers from universities in Germany and the U.S. recently showcased an interesting attack — or rather, two attacks — exploiting two different vulnerabilities in Apple CPUs. Picture this: someone sends you a link in a chat. When you click it, nothing looks suspicious at first. It doesn’t ask for your work email password, doesn’t try to get you to download a sketchy file. The page might even contain something fun or useful. But while you’re busy browsing it, hidden code is secretly harvesting data from another browser tab  — checking your location, recent online purchases, and even stealing your emails.

The description of the attack seems simple enough, but in reality, we’re talking about a very complex attack that exploits the features of so-called speculative execution by the CPU.

Wait a minute! Haven’t we heard this before?

You just might have. The core idea of the new attacks resembles various Spectre-type attacks that exploit other, albeit somewhat similar, vulnerabilities in Intel and AMD CPUs. We’ve covered those attacks before. In 2022, four years after the first Spectre vulnerability was discovered, we concluded that there was no realistic, easy, or effective way to exploit those vulnerabilities. Although exploiting these new Apple chip vulnerabilities isn’t straightforward either, the difference this time is that the researchers have already provided fairly realistic attack scenarios and proved their feasibility. To see just how dangerous these vulnerabilities are, let’s briefly recap the basic principles behind all such attacks without getting bogged down in complicated research.

Exploiting speculative execution logic

Speculative execution refers to a situation where the processor executes the next instruction without waiting for the previous one to finish. Let’s draw a somewhat odd yet helpful analogy here with a car. Imagine your car starts the engine automatically every time you approach it. If you’re just passing by, the engine stops (as such, the operation is unnecessary). But if you’re about to set off driving, it’s ready to go as soon as you get in.

Continue Reading...
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Malwarebytes 5.3.0.186
Malwarebytes 5.3.0...Mohammad.Poorya — 16:43
Mozilla Firefox Browser 138.0.1
Mozilla Firefox Br...harlan4096 — 09:58
Hasleo Backup Suite 5.2.2.2
Hasleo Backup Suit...harlan4096 — 09:51
LibreOffice 25.2.3
Berlin, 30 April 2...harlan4096 — 09:50
Creating an unforgettable password
This is your World...harlan4096 — 09:50

[-]
Birthdays
Today's Birthdays
avatar (44)centfootadoni
Upcoming Birthdays
avatar (27)akiratoriyama
avatar (47)Jerrycix
avatar (39)awedoli
avatar (81)WinRARHowTo
avatar (37)owysykan
avatar (48)beautgok
avatar (38)axuben
avatar (44)talsmanthago
avatar (30)mocetor
avatar (45)piomaibhaict
avatar (50)kingbfef
avatar (37)izenesiq
avatar (39)ihijudu
avatar (44)tiojusop
avatar (41)Damiennug
avatar (39)acoraxe
avatar (48)contjrat
avatar (40)axylisyb
avatar (43)tukrublape
avatar (40)iruqi
avatar (41)saitetib
avatar (35)ypasodiny
avatar (38)omapek
avatar (47)Geraldtuh
avatar (43)knigiJow
avatar (45)1stOnecal
avatar (49)Mirzojap
avatar (35)idilysaju
avatar (44)xclubDum
avatar (40)Stewartanilm
avatar (43)nikitaxople
avatar (39)GregoryRog
avatar (44)mediumog
avatar (39)odukoromu
avatar (45)Joanna4589

[-]
Online Staff
There are no staff members currently online.

>