- Researchers have discovered two vulnerabilities in Apple’s A- and M-series chips that could be exploited to steal user data.
- Attackers can potentially skim credit card information, locations, email, and other sensitive data from Chrome and Safari when users visit sites like Google Maps, Proton Mail, and iCloud Calendar.
- Apple has been made aware of the vulnerabilities and is reportedly working on releasing patches to plug the security loophole.
Several Apple devices launched after 2021 are reportedly affected by two newly discovered vulnerabilities in Apple’s A- and M-series chips. These vulnerabilities can potentially give attackers unauthorized remote access to sensitive user data, including credit card information, location, events, and emails, while browsing websites like iCloud Calendar, Gmail, Google Maps, and Proton Mail in Chrome and Safari browsers.
According to researchers from the Georgia Institute of Technology and Ruhr University Bochum (via Ars Technica), the vulnerabilities affect CPUs in later generations of Apple’s in-house silicon, opening them up to side-channel attacks: “a class of exploits that infers secrets by measuring manifestations such as timing, sound, and power consumption.” Proof-of-concept demos shared by the researchers show how the vulnerabilities can potentially be exploited using FLOP and SLAP side-channel attacks to steal location history from Google Maps, view events stored in iCloud Calendar, view inbox contents from Gmail and Proton Mail, and even read email contents.