Apple downplaying this is typical. There is a lot of talk, but in the end, when looking at how long some issues live in their trackers, it is just sad. Well, they are rolling out Genmoji and Apple Intelligence 🙄
 
Shrug, like the "correction" did for the Intel problems?
I would think it is going to cut available resources somewhere.
If you read through the research details, it says that when the value guessed is wrong, this problem of arbitrary CPU execution happens. If it guesses right, it improves performance, and no problem. Intel problems or whatever have nothing to do with what the researchers have published.
 
It was not a "correction" but instead a "mitigation" of the Intel problem, and it is a similar problem here:
Speculative prediction gains a lot of efficiency and speed. If you can't use (or can use less of) those prediction gains in order to mitigate the problem, you'll get a speed penalty - simple as that.
We'll see how and when Apple finally closes these by now widely known vulnerabilities... ¯\_(シ)_/¯
 
Why would it reduce processing power?

CPUs normally run as fast as they can, for obvious performance reasons. But their inner workings can be exposed by analysing the timings of certain instructions.

Not an expert, but introducing randomised "jitters" to instructions would thwart any attempt to make sense of those timings. This necessarily means throwing away a small amount of computing power.

You know when Paul Atreides shuffles across the desert to fool the worms? It conceals his identity, but it's always going to be slower than a brisk walk.
 
Apple wants to spend their time building more gimmicky AI features to sell more devices than spending time fixing security holes.
No, their security team is just prioritizing real dangerous zero day exploits and not “Look at how I can exploit a computer when I set it up juuuuuuust right.”
 
What, we can't even get up to take a snack or a bathroom break?
If you have a habit of clicking on suspicious links that lead you to suspicious sites, and THEN leaving that suspicious site up and running… then you must be a security researcher, so you’re fine! :) You’ll be able to fix whatever happens.
 
If something is found in the wild, that's an entirely different level of severity. When security researchers, via a controlled experiment and against a computer that is set up specifically as it needs to be in order to be exploited, exploit that computer over a span of 10 minutes or so, that's not unexpected. If security researchers could NOT exploit a computer they have physical access to, I'd be surprised.

It’s probably low on the list of things to be fixed, underneath the zero day and other active exploits.
 
If Cookie Monster would do his job deleting where we are and where we've been, it would not be a problem.
 
Depends how practical they are to exploit. A theoretical vulnerability isn't always practical to use in reality.
True, but what is scaring me is that "not-easy" vulnerabilities could be used in a chain to drop an attack.
 
Hector Martin (who reverse engineers Apple Silicon for Asahi Linux) is saying that the exploits these researchers discovered already have the appropriate mitigations in hardware, which are even part of the spec in fact, and that it's effectively a software bug in the browsers not to use them rather than a hardware fault. In other words, nothing to see here. The researchers just did a poor job looking for the needed bits to flip. Software already has the ability to turn them off as needed, and browsers should already be doing so by default, as it is their job to run untrusted code. This won't be a problem with most other software, as the untrusted code has to share execution with the trusted code, which is pretty much a browser-exclusive thing in modern security design.

 
The problem is that one winds up slowing the inevitable. If a conditional optimization actually does make things faster in a way that can be measured, even if it is by averaging multiple attempts, those measurements can still be used to determine if the optimization took place.

It just takes more time.

Conversely, if the optimization does not make things measurably faster, then it is pointless as an optimization.

Even constant-time software behavior can cause changes in power usage, and those changes have been measured and used to leak data. That is unfortunately something that can be done external to any software controls, using hardware probes.

The jitters of a weirding way would help where the nemesis is looking for patterns across the whole sea of sand, but not when they are focused on one area for one victim. For side channel attacks it's always the latter - they are going after some specific important data in a particular process or enclave or the like.

This compares to techniques like differential privacy, such as how Apple anonymizes map requests but also breaks them into smaller parts and injects a certain percentage of fake requests into the stream. This prevents the ability to do certain types of analysis across the user base, including trying to identify groups of people based on their behavior.

But if you managed to get a set of just the map requests made by a single user, you can still infer lots of behavioral patterns even without separating the little bit of fake requests from the real ones.
 
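The averaging argument in the post above, as an added example that is not part of the original post or of the researchers' code: a small constructed simulation in which a secret-dependent fast path saves a few cycles, the defender adds random Gaussian jitter to every measurement, and the attacker simply averages many measurements. The constants (a 100-cycle baseline, a 2-cycle secret-dependent difference, 20 cycles of jitter) and the attacker's pre-calibrated decision threshold are illustrative assumptions, not values from any paper.

```python
"""Constructed simulation (not code from the thread or from the SLAP/FLOP
papers): shows why random timing jitter only slows a side-channel attacker.
A secret-dependent fast path saves `delta` cycles; the defender adds Gaussian
jitter with standard deviation `jitter_sd`. One measurement is almost useless,
but averaging n measurements recovers the bit once n ~ (2*z*jitter_sd/delta)^2.
All constants below are illustrative assumptions, not measured values."""

import math
import random
import statistics


def measure_once(secret_bit, base, delta, jitter_sd, rng):
    """One timing measurement of the victim operation.
    secret_bit == 1: the optimization applies, the operation is `delta` cycles faster.
    The defender's mitigation adds zero-mean Gaussian jitter on top."""
    true_time = base if secret_bit == 1 else base + delta
    return true_time + rng.gauss(0.0, jitter_sd)


def guess_bit(samples, base, delta):
    """Attacker's decision rule: average the samples and compare with the
    midpoint between the two possible true times. Assumes the attacker has
    already calibrated `base` and `delta` (e.g. on a machine they control)."""
    threshold = base + delta / 2.0
    return 1 if statistics.fmean(samples) < threshold else 0


def attack_accuracy(n_samples, trials, base=100.0, delta=2.0, jitter_sd=20.0, seed=0):
    """Fraction of trials in which the attacker recovers a random secret bit
    using n_samples jittered measurements per trial. Seeded for reproducibility."""
    rng = random.Random(seed)
    correct = 0
    for _ in range(trials):
        secret = rng.randrange(2)
        samples = [measure_once(secret, base, delta, jitter_sd, rng)
                   for _ in range(n_samples)]
        if guess_bit(samples, base, delta) == secret:
            correct += 1
    return correct / trials


def samples_needed(delta, jitter_sd, z=3.0):
    """Rule of thumb: the mean of n samples has standard deviation
    jitter_sd/sqrt(n); for the decision margin delta/2 to be z standard
    deviations wide we need n >= (2*z*jitter_sd/delta)**2.
    Jitter therefore raises the attacker's cost quadratically, never to infinity."""
    if delta <= 0:
        raise ValueError("no timing difference means no side channel to attack")
    if jitter_sd <= 0:
        return 1  # no jitter: a single measurement already separates the cases
    return math.ceil((2.0 * z * jitter_sd / delta) ** 2)


if __name__ == "__main__":
    print("samples needed for a 3-sigma margin:", samples_needed(2.0, 20.0))
    for n in (1, 10, 100, 1000, 4000):
        print(f"n={n:5d}  attacker accuracy={attack_accuracy(n, 200):.2f}")
```

With one measurement the attacker is barely better than a coin flip; by a few thousand measurements the 2-cycle difference is recovered reliably despite jitter ten times larger than the signal. Only the sample count changes, which is the "it just takes more time" point in the post.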
If it were easy to fix, they would have fixed it. Once you go predictive, crazy stuff happens outside of what you would normally expect. To get this safe is nearly impossible without a performance hit. Sad story really ... it would have been a chance to explain the nature of this issue, but you stuck to "SLAP is just a 4-letter word". Maybe hiring some people who actually know stuff would be my suggestion - else ChatGPT will replace you guys soon.
 

Some folks decided to become security researchers looking at all the attention they were getting as the world was going from non-networked computers to worldwide networked computers. Currently, it turns out that when “always connected” is the expectation, there are effective methods to defeat those attacks of yore.

With most everything being effectively locked down, there’s little opportunity for a security researcher to make a big splash. The majority of their findings these days are like setting up an elaborate 4 foot high 10 foot long chemistry set for brewing coffee, to show how, “if you expose this flask RIGHT HERE to arsenic, the coffee that comes out at the other end COULD BE POISONOUS”… in a world where no one makes coffee that way.
 
Yet another reason Firefox should be allowed to bring its own engine to iOS/iPadOS for people outside the EU, too.
No thanks.

Regarding web site development, Firefox on iOS is so nice and easy, with no issues that I ran into, even ones that Safari on iOS had. Meanwhile, Firefox on Android, with its own engine, is way more difficult to code for and get everything working correctly when you have a more complex setup. Opera on Android is even worse (bottom of the barrel?) with just bizarre stuff, yet it is supposed to be based on Blink, but I don't see it or feel it :p. Maybe it uses a different engine for mobile or something. Chrome is basically the same as Safari, easy.

Oh and I am not talking about anything big and fancy, just HTML, CSS and Javascript.

The good part, for development at least, is Firefox has good Development tools with a full mobile Firefox setup for testing. Opera also has a full mobile setup. And it seems to show the same as the real thing for both of them.

So, no, I don't want that on iOS. Web sites for iPhone? Simple and I would love to keep it that way. It is always the #1 mobile device in all my web stats.
 
Yup, I'm slowly moving away from Safari and using Firefox more. There are little issues here and there in Safari that Firefox never seems to have.
 