Scanners
- Tuesday January 28
- 10:25 pm Apple Chips Can Be Hacked To Leak Secrets From Gmail, iCloud, and More
An anonymous reader quotes a report from Ars Technica: Apple-designed chips powering Macs, iPhones, and iPads contain two newly discovered vulnerabilities that leak credit card information, locations, and other sensitive data from the Chrome and Safari browsers as they visit sites such as iCloud Calendar, Google Maps, and Proton Mail. The vulnerabilities, affecting the CPUs in later generations of Apple A- and M-series chip sets, open them to side channel attacks, a class of exploit that infers secrets by measuring manifestations such as timing, sound, and power consumption. Both side channels are the result of the chips' use of speculative execution, a performance optimization that improves speed by predicting the control flow the CPUs should take and following that path, rather than the instruction order in the program. [...] The researchers published a list of mitigations they believe will address the vulnerabilities allowing both the FLOP and SLAP attacks. They said that Apple officials have indicated privately to them that they plan to release patches. In an email, an Apple representative declined to say if any such plans exist. "We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats," the spokesperson wrote. "Based on our analysis, we do not believe this issue poses an immediate risk to our users." FLOP, short for Faulty Load Operation Predictor, exploits a vulnerability in the Load Value Predictor (LVP) found in Apple's A- and M-series chipsets. By inducing the LVP to predict incorrect memory values during speculative execution, attackers can access sensitive information such as location history, email content, calendar events, and credit card details. This attack works on both Safari and Chrome browsers and affects devices including Macs (2022 onward), iPads, and iPhones (September 2021 onward). 
FLOP requires the victim to interact with an attacker's page while logged into sensitive websites, making it highly dangerous due to its broad data access capabilities. SLAP, on the other hand, stands for Speculative Load Address Predictor and targets the Load Address Predictor (LAP) in Apple silicon, exploiting its ability to predict memory locations. By forcing LAP to mispredict, attackers can access sensitive data from other browser tabs, such as Gmail content, Amazon purchase details, and Reddit comments. Unlike FLOP, SLAP is limited to Safari and can only read memory strings adjacent to the attacker's own data. It affects the same range of devices as FLOP but is less severe due to its narrower scope and browser-specific nature. SLAP demonstrates how speculative execution can compromise browser process isolation. Read more of this story at Slashdot.
- 10:15 pm ‘Mythic Quest’ season four premieres Wednesday, January 29th
The fourth season of “Mythic Quest,” the hit workplace comedy, premieres globally on Wednesday, January 29th on Apple TV+… The post appeared first on MacDailyNews.
- 09:48 pm Five new Apple products are launching early this year, here’s what’s coming
The first month of 2025 is almost over, moving us closer to the first Apple product launches of the year—and several strong ones are coming. Here’s a look at five new products expected to arrive in the next few months.
- 09:45 pm SLAP and FLOP browser vulnerabilities threaten nearly every Apple device since 2021
Macworld: Fresh off the fix of a zero-day vulnerability in iPhones, iPads, Macs, and other devices, security researchers at the Georgia Institute of Technology have revealed a pair of vulnerabilities that affect all of Apple’s modern devices. First reported at BleepingComputer, these flaws let special code on a website execute “side-channel” attacks that steal data from other web sessions. A malicious site could, for example, see your location data from a Google Maps tab, or unencrypted email from an open browser tab that is logged in to your secure email account. Banking info, login info, purchase history—there are lots of potential targets. Most modern browsers “sandbox” web sessions, so that one browser tab or window can’t access the data from other tabs/windows. The SLAP and FLOP vulnerabilities exploit features of the latest Apple processors to get around this sandboxing.
What is SLAP? The M2 and A15 generation of processors (and later) have a feature called Load Address Prediction (LAP), which tries to predict the memory address of the next memory request in order to prefetch it and speed things up. SLAP (Speculation Attacks via Load Address Prediction) first falsely “trains” that predictive algorithm and then uses that to pull targeted data from other browser processes. SLAP seems to work only in Safari.
What is FLOP? Starting with the M3/A17 generation of processors, Apple goes a step further than loading data from predicted memory addresses. They have a feature called Load Value Predictor (LVP), which guesses what the value will be from a memory request. It’s all to help the processor run faster by not having to wait around for data to come from memory. FLOP (False Load Output Predictions) issues instructions that return the same values all the time to “trick” the predictor into expecting a certain value even when the data has changed, and that lets them execute code on “incorrect” data values.
FLOP works in Safari and Chrome.
Which Apple devices are affected? The researchers say the following Apple devices have the hardware necessary to execute these flaws.
  - All Mac laptops from 2022-present (MacBook Air, MacBook Pro)
  - All Mac desktops from 2023-present (Mac Mini, iMac, Mac Studio, Mac Pro)
  - All iPad Pro, Air, and Mini models from September 2021-present (6th- and 7th-gen iPad Pro, 6th-gen iPad Air, 6th-gen iPad Mini)
  - All iPhones from September 2021-present (iPhone 13, 14, 15, and 16 models, 3rd-gen iPhone SE)
Should I be worried? The Georgia Institute of Technology researchers say there is no evidence that either SLAP or FLOP has been used in the wild. Similarly, Apple told BleepingComputer, “Based on our analysis, we do not believe this issue poses an immediate risk to our users.”
Is Apple fixing these flaws? Yes, but it appears to be taking some time. The researchers disclosed SLAP to Apple on May 24, 2024, and FLOP on September 3, 2024. Apple has released numerous updates since that time without fixing the issue here. You can read about these exploits and see test demonstrations of them in action at the SLAP and FLOP site set up by the Georgia Institute of Technology researchers.
- 09:34 pm Openvibe, a Multi-Social-Network App for Bluesky, Mastodon, Threads (Supposedly), and Nostr | Daring Fireball
Openvibe, which mashes together multiple accounts from multiple networks into a single timeline, is interesting, but not for me — and I’m not really sure who it *is* for.
- 09:10 pm Why now is a great time to buy an iPad [Hint: Save $200]
Don’t miss out on the versatility of Apple's iPad. Whether watching videos or creating amazing art, find the perfect tablet at a sale price. (via Cult of Mac - Apple news, rumors, reviews and how-tos)
- 09:08 pm Now on by default, here’s how to turn off Apple Intelligence
Apple Intelligence is the personal intelligence system integrated into iOS 18. It merges the capabilities of generative models with insights… The post appeared first on MacDailyNews.
- 08:56 pm Apple chips can be hacked to leak secrets from Gmail, iCloud, and more
Side channel gives unauthenticated remote attackers access they should never have.
- 08:34 pm Two Apple Silicon chip flaws could expose your private data to thieves
Apple's processors are fast because they predict what you'll need next, but when they guess wrong hackers can exploit those mistakes to steal your private data. Apple Silicon, like the M2 and M3, is designed to be some of the fastest in the world, powering iPads and Macs. Their strength is speculative execution, a feature that guesses what you'll need next to keep things running smoothly. But new research shows this speed boost comes with a cost. When these guesses are wrong, they can create vulnerabilities that hackers could use to access sensitive information, like emails and credit card details. Continue Reading on AppleInsider
- 08:32 pm Apple just published a ‘meditative’ video tour of Silo’s massive sets
Silo just wrapped up its second season on Apple TV+, but if you weren’t ready to leave silos 17 & 18 just yet, Apple just shared a new way to explore the show’s dystopian world.
- 08:28 pm A new CVS iPhone app aims to make shopping at the pharmacy less frustrating
If you've ever been frustrated while shopping at your local pharmacy, you're hardly alone — but now CVS has devised a plan to change that with its new iPhone app. Pharmacies often get disparaged as one of the most tedious places the average person has to put up with. Long lines, hidden prescription costs, and the highly inconvenient locked cabinets are hated by nearly everyone. And, that probably includes your local pharmacy, too. That's why CVS is trying to change how you make your pharmacy run with its revamped CVS Health app. Continue Reading on AppleInsider
- 08:24 pm These are my favorite MagSafe stands for iPhone and StandBy
One of my favorite iPhone features is StandBy, which turns your iPhone into a smart display when it’s in landscape orientation and charging. One of the best ways to take full advantage of StandBy is with an upright wireless charger. Head below for a closer look at some of my favorite MagSafe stands for iPhone, perfect for StandBy.
- 08:07 pm Yes, the iPhone SE 4 will have a notch, says key analyst
We’re not too far away from Apple’s expected unveiling of the new iPhone SE 4. And recently, conflicting reports have caused confusion over the device’s form factor. Now, a key display analyst has weighed in with a more authoritative answer on the notch-Dynamic Island debate.
- 08:03 pm Apple to patch SLAP and FLOP web browser vulnerabilities
Apple plans to patch two new speculative execution attacks, SLAP and FLOP, that impact recent Apple chips, according to data shared today… The post appeared first on MacDailyNews.
- 07:51 pm Your iPhone could soon start unlocking the infamous CVS product cabinets
CVS today announced the launch of a newly rebranded and updated CVS Health app (formerly called CVS Pharmacy). The iPhone app offers a variety of new features, but perhaps the most exciting is one that’s currently being piloted in select CVS stores: the ability to open locked-up product cabinets.
- 07:43 pm Unreleased Powerbeats Pro 2 spotted with TGL golfers Tiger Woods and Rory McIlroy
Beats hasn’t even announced Powerbeats Pro 2, let alone releasing the second-gen wireless earphones. That hasn’t stopped what appears to be the Powerbeats Pro 2 from becoming the unofficial headphones of the new TGL golf league. Several golfers have been spotted sporting a single Powerbeats Pro 2 earbud in recent days.
- 07:38 pm Track your medications on iPhone in the Health app
The Apple Health app on your iPhone will help you track your medications. You can just scan the label on the bottle using the camera to import it in. (via Cult of Mac - Apple news, rumors, reviews and how-tos)
- 07:23 pm How Cult of Mac became a thing — founder Leander Kahney reveals all!
On the "Apple Core" podcast, an interview with "Cult of Mac" founder Leander Kahney covers his 30-year career writing about Apple. (via Cult of Mac - Apple news, rumors, reviews and how-tos)