A team of security researchers has discovered critical vulnerabilities in Apple's A15, A16, and A17 chips, which power the latest iPhones. These vulnerabilities, FLOP and SLAP, could allow hackers to remotely steal sensitive data, such as emails, browsing history, and location information, simply by visiting a malicious website.
Apple 's A-series chips are renowned for their speed, efficiency, and security. However, a recently uncovered flaw suggests that they might not be as impenetrable as previously believed. A team of security experts from Georgia Tech and Ruhr University has identified two critical vulnerabilities in Apple 's A15, A16, and A17 chips, which power the latest iPhone models.
These vulnerabilities, designated as FLOP (False Load Output Prediction) and SLAP (Speculative Load Address Prediction), enable hackers to manipulate the way Apple's chips process data, potentially exploiting them for performance gains.The most alarming aspect of these vulnerabilities is that they can be exploited remotely without the need for malware, phishing scams, or physical access to the device. Hackers can embed malicious JavaScript or WebAssembly code within websites, and simply by visiting one of these infected pages, users could unknowingly expose their sensitive data.Security researchers demonstrated the effectiveness of these exploits in real-world scenarios, revealing that attackers could potentially gain access to a user's Gmail inbox, Amazon order history, Reddit activity, Google Maps location history, and iCloud Calendar events. Even the possibility of one of these breaches being exploited is unsettling, but the combined potential for all of them to be compromised is deeply concerning.Apple was informed about these security issues in March and September 2024, but no official fix has been released as of yet. The company has downplayed the risks, but security experts recommend disabling JavaScript in Safari and Chrome browsers as a temporary measure. However, this will render many websites unusable. Staying updated with the latest iOS software is crucial, as Apple may release a security patch via an upcoming update. Ultimately, exercising caution online and avoiding suspicious or unfamiliar websites is paramount. While Apple's A-series chips have revolutionized iPhone performance, this newly discovered security flaw raises serious concerns about user privacy. Until a fix is available, iPhone users should remain vigilant while browsing, as opening the wrong website could potentially expose their private data
APPLE IPHONE SECURITY VULNERABILITY HACKING DATA BREACH FLOP SLAP WEBSITES CYBERSECURITY
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Apple releases urgent iOS 18.3 security update to target ‘cyberthreats’ due to flawApple has rolled out its highly anticipated Apple Intelligence feature in the latest iOS 18.1 update. Available now for download, this new AI suite is accessible exclusively to the iPhone 16 line and last year’s iPhone 15 Pro, though only for devices set to the US.
Read more »
Jailbreaking Digital License Plates: Researcher Exposes Security FlawA security researcher has revealed a vulnerability that allows the 'jailbreaking' of digital license plates sold by Reviver, raising concerns about potential misuse for evading law enforcement and identity theft.
Read more »
Researcher Exposes Security Flaw in Digital License PlatesA security researcher has found a way to 'jailbreak' digital license plates sold by Reviver, potentially allowing users to evade tolls, speeding tickets, and surveillance.
Read more »
ChatGPT Security Flaw Could Enable Massive DDoS AttacksA vulnerability in ChatGPT's API allows attackers to launch Distributed Denial of Service (DDoS) attacks by flooding a target with requests. Researchers have alerted OpenAI to the issue and recommend implementing limits on URL submissions and duplicate request checks to mitigate the risk.
Read more »
Chinese hackers breached US government office that assesses foreign investments for national security risksChinese hackers breached the US government office that reviews foreign investments for national security risks, two US officials familiar with the matter told CNN.
Read more »
Mercedes-Benz Security Vulnerability Could Allow Hackers to Access Vehicle InfotainmentA new report from Kaspersky Security Services has revealed vulnerabilities in the first-generation Mercedes-Benz User Experience (MBUX) infotainment system that could allow hackers to gain access to vehicle data, launch denial-of-service attacks, and even disable anti-theft protections. The vulnerabilities require physical access to the vehicle, but Mercedes-Benz has acknowledged the issue and stated that newer versions of the infotainment system are not affected.
Read more »