Daily Archives: February 5, 2025

  • SLAP and FLOP – should we be concerned?

    Apple M1 chip

    You may have seen the news that Apple devices are subject to vulnerabilities that could potentially (note that word!) allow an attacker to see the content of your Web browsing when using Safari or Chrome.

    Let’s interpret the statement, shall we?

    “If an attacker can inject malformed data into these processes, then it can read memory content that shouldn’t be accessible …”

    Translation: If a bad guy can trick you into going to their malicious website, and:

    The researchers say there is no evidence that either vulnerability has yet been exploited in the wild…

    The attack sequence also would entail the following:

    “FLOP requires a target to be logged in to a site such as Gmail or iCloud in one tab and the attacker site in another for a duration of five to ten minutes. When the target uses Safari, FLOP sends the browser ‘training data’ in the form of JavaScript to determine the computations needed. With those computations in hand, the attacker can then run code reserved for one data structure on another data structure. The result is a means to read chosen 64-bit addresses.”

    I don’t see this as a huge threat. I have never seen these side-channel attacks done at the consumer level. Targeted nation state? Maybe. You and me? No. If you really are concerned, just make it a point to swipe up and close your applications and tabs. It’s wise to shut down the apps every now and then anyway — and rebooting your phone will not close apps.

    So don’t panic. It’s just a research whitepaper.