Security experts have found two major issues, named SLAP and FLOP, that affect all new iPhones, iPads, and Macs, including many older models. These flaws could let someone peek into what’s open on your web browser.
What Are SLAP and FLOP?SLAP and FLOP are types of security problems discovered by researchers at the Georgia Institute of Technology. They are similar to famous security issues like Spectre and Meltdown. Both rely on a technique called “speculative execution,” where the chip tries to guess what you’ll do next to speed things up. If this guesswork goes wrong, attackers might sneak in bad data to see things they shouldn’t.
The Dangers of These FlawsNormally, each tab in Safari is like a locked box, keeping its contents separate from others. But with SLAP, if you’re tricked into visiting a bad website, it could open those locks. It could potentially read your emails, track your location on Apple Maps, or check your bank details.
FLOP is even trickier; it can do the same thing but also works on Chrome, making it more dangerous. These attacks don’t need any harmful software on your device; they use weak spots in Apple’s own system, making them hard to spot.
Which Devices Are at Risk?These security issues affect any Apple device with chips from the A15 series or the M2 series and newer. Here’s a list of affected devices:
- iPhone: iPhone 13, 14, 15, 16, and the third-generation iPhone SE.
- iPad: iPad Air, Pro, and mini models released from 2021.
- Mac: MacBook Air, MacBook Pro since 2022; Mac mini, Mac Studio, iMac, and Mac Pro since 2023.
Real-World Threats?So far, there’s no proof these vulnerabilities have been used against users in real life. Apple has acknowledged the problem and has been working on fixes since they were alerted in May 2024 for SLAP and September 2024 for FLOP. Apple’s statement to Bleeping Computer suggests they don’t see these as urgent threats right now.
The best advice for now is to be careful with the websites you visit until Apple rolls out a fix.