Apple silicon is vulnerable to side-channel speculative execution attacks "FLOP" and "SLAP"
-
T [email protected] shared this topic
-
-
Me: Reads headline.
Also me: I have no idea what this headline is supposed to be warning me of. Of COARSE you'd get slapped if you went up to someone and flopped out your apples.
-
You will be slapped with a floppy
-
3.5 inch or 5 inch?
-
When modern CPUs execute instructions, they try to make a best guess as to what the next instruction or data it needs will be while it's still executing the first, to speed things up so it doesn't have to wait until the entire instruction execution cycle is complete to start retrieving the next one from memory. These exploits force it to guess wrong, potentially pulling sensitive data out of memory and making it accessible to processes which usually can't access it.
-
Another day, another speculative execution attack
-
Didn't use to be.
-
i had to double check. yes. it is a SLAP with a silent d and a. what a great name.
-
Oh no! We can't live without overengineered pieces of silicon made via processes more complex than anything in history, with enormous computing power being used to display our porn and cat pics. We need more performance! And we need even more complex CPUs.
Everyone is different. I could live with things from year 2005. Except they were expensive and not everyone had them. I would want people to have necessities and simple, sturdy, cheap, weak tech to fulfill their needs and nothing more. Not lack some things and have far too powerful tools for other things.
-
You know you can click that headline and read the article for more information. You don't have to live in ignorance.
-
uMatrix makes this easy
-
I have a better proposal: let’s disable JavaScript in it’s entirety so it wouldn’t require 8 gb ram and a 2 gHz multicore cpu on my mobile device that runs on battery, to send a simple ‘hello’ to my friends.
-
I don't know if mac has something similar, but you can run a command on linux to list all the CPU vuln mitigations applied, and its hilarious to see on something old like a skylake or haswell with the amount of patches that have dropped since release.
-
uMatrix isn't maintained anymore, but you can actually do this directly in uBO now!
https://github.com/gorhill/uBlock/wiki/Per-site-switches#no-scripting
-
Oh wow. Yeah, it hasn't been updated for 6 years. Damn, I didn't realize how long I've been using it.
-
a best guess as to what the next instruction or data it needs will be
More precisely it's speculating on the results of a yet to be executed (but already known) instruction, e.g. whether a jump will be taken or not, and begins to execute instructions in that branch before the final verdict of whether it will be taken is done. If it guessed right, it can just continue, if it guessed wrong, it has to cover its tracks, making sure that what it did is in no way observable. It's the latter part, "in no way observable", that all these security failures are about: If you can somehow observe that stuff, you might be able to observe stuff you're not supposed to see because the branch speculatively taken was "nope, you're not allowed to do this".
All that might be hard to grasp without an understanding how modern CPUs execute instructions, which very much is not "an instruction at a time", Computerphile has excellent videos about pipelining and branch prediction.
-
From the article's own summary.
False Load Output Prediction and Speculative Load Address Prediction allow for data leaks without malware infection
But I guess "IA summary" did its best ¯\_(ツ)_/¯
