Apple to Patch Web Browser Vulnerabilities Affecting Recent Macs, iPads and iPhones

There are two new speculative execution attacks that impact recent Apple chips, according to data shared today by Georgia Tech students that discovered the vulnerabilities.

Named SLAP and FLOP, the two security flaws could allow an attacker to use a malicious webpage to spy on the contents of other webpages, giving attackers remote access to browsing history, credit card data, emails, location information, and more. Physical access to a device is not required, and the attack can be executed through a malicious site that bypasses Apple’s browser protections.

Several Apple A-series and M-series chips are affected, including the M2 and later and the A15 and later, which are in the following devices:

  • 2022 and later Mac notebooks
  • 2023 and later Mac desktops
  • 2021 and later iPad models
  • 2021 and later iPhones

SLAP and FLOP were disclosed to Apple in May 2024 and September 2024, respectively, and while the attacks have not yet been patched, the researchers who reported the issue were told that Apple plans to address the vulnerabilities in an upcoming security update.

Apple told Bleeping Computer that it has not yet patched the flaws. “We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats,” Apple said. “Based on our analysis, we do not believe this issue poses an immediate risk to our users.”

SLAP affects Safari, while FLOP affects Safari and Chrome. Other browsers like Firefox could be affected too, but have not been tested. There is no evidence that SLAP and FLOP have been executed in the wild.

Details on how SLAP and FLOP work can be found on the website dedicated to explaining the vulnerabilities.Tag: Vulnerabiltiies
This article, “Apple to Patch Web Browser Vulnerabilities Affecting Recent Macs, iPads and iPhones” first appeared on MacRumors.com

Discuss this article in our forums

Related posts

Latest posts

Sundar Pichai says even more AI is coming to Google Search in 2025

Google looks to incorporate AI features more deeply into its Search products in 2025 as part of its $75 billion AI plan, CEO Sundar Pichai told investors Wednesday.

Google brings second-gen AI models to the Gemini mobile app

The latest Gemini 2.0 Flash model can interact with other Google apps and comes with reasoning chops, while the Gemini 2.0 Pro model excels at math and coding.

How to get two OnePlus smartphones for the price of one!

If you’ve been waiting to upgrade phones, this OnePlus deal might be of interest. Get the OnePlus Nord N30 for free when you purchase the OnePlus 12!

Apple’s AI-focused M5 chip enters mass production

Reports indicate that TSMC and other semiconductor companies have been working on the M5 chip series since last month.

Samsung Galaxy S25 Ultra vs. Google Pixel 9 Pro XL: Clash of titans

If you're looking for a new phone for yourself or someone you love and having trouble choosing between the Samsung Galaxy S25 Ultra and Google Pixel 9 Pro XL, let us save you the trouble with this guide.

TikTok is fast becoming a pawn in US-China relations

TikTok's survival in the United States might be tied to new trade agreements between China and the U.S.

Samsung users, beware: One UI 7 could jumble your home screen

If you upgrade to One UI 7, you might have to spend a few minutes rearranging your home screen. Thankfully, it has a tool that makes that easier.

Screenshot-reading malware cracks iPhone security for the first time

"This case once again shatters the myth that iOS is somehow impervious to threats posed by malicious apps targeting Android,” says Kaspersky’s analysis.

Google says quantum computing applications are five years away

Google's head of quantum thinks we could get real-world applications of quantum computing in just five years, while Nvidia claims it's more like 20.

Texas brings the ban hammer down on DeepSeek and RedNote

Texas Governor, Greg Abbott has banned the AI chatbot DeepSeek for state-issued devices, sighting data privacy and national security concerns.