Apple to Patch Web Browser Vulnerabilities Affecting Recent Macs, iPads and iPhones
There are two new speculative execution attacks that impact recent Apple chips, according to data shared today by Georgia Tech students that discovered the vulnerabilities.
Named SLAP and FLOP, the two security flaws could allow an attacker to use a malicious webpage to spy on the contents of other webpages, giving attackers remote access to browsing history, credit card data, emails, location information, and more. Physical access to a device is not required, and the attack can be executed through a malicious site that bypasses Apple's browser protections.
Several Apple A-series and M-series chips are affected, including the M2 and later and the A15 and later, which are in the following devices:
- 2022 and later Mac notebooks
- 2023 and later Mac desktops
- 2021 and later iPad models
- 2021 and later iPhones
SLAP and FLOP were disclosed to Apple in May 2024 and September 2024, respectively, and while the attacks have not yet been patched, the researchers who reported the issue were told that Apple plans to address the vulnerabilities in an upcoming security update.
Apple told Bleeping Computer that it has not yet patched the flaws. "We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats," Apple said. "Based on our analysis, we do not believe this issue poses an immediate risk to our users."
SLAP affects Safari, while FLOP affects Safari and Chrome. Other browsers like Firefox could be affected too, but have not been tested. There is no evidence that SLAP and FLOP have been executed in the wild.
Details on how SLAP and FLOP work can be found on the website dedicated to explaining the vulnerabilities.
Popular Stories
Apple turns 50 this year, and its CEO Tim Cook has promised to celebrate the milestone. The big day falls on April 1, 2026.
"I've been unusually reflective lately about Apple because we have been working on what do we do to mark this moment," Cook told employees today, according to Bloomberg's Mark Gurman. "When you really stop and pause and think about the last 50 years, it makes your heart ...
Apple plans to announce the iPhone 17e on Thursday, February 19, according to Macwelt, the German equivalent of Macworld.
The report, citing industry sources, is available in English on Macworld.
Apple announced the iPhone 16e on Wednesday, February 19 last year, so the iPhone 17e would be unveiled exactly one year later if this rumor is accurate. It is quite uncommon for Apple to unveil...
In the iOS 26.4 update that's coming this spring, Apple will introduce a new version of Siri that's going to overhaul how we interact with the personal assistant and what it's able to do.
The iOS 26.4 version of Siri won't work like ChatGPT or Claude, but it will rely on large language models (LLMs) and has been updated from the ground up.
Upgraded Architecture
The next-generation...
While the iOS 26.3 Release Candidate is now available ahead of a public release, the first iOS 26.4 beta is likely still at least a week away. Following beta testing, iOS 26.4 will likely be released to the general public in March or April.
Below, we have recapped known or rumored iOS 26.3 and iOS 26.4 features so far.
iOS 26.3
iPhone to Android Transfer Tool
iOS 26.3 makes it easier...
The iPhone 18 Pro Max will feature a bigger battery for continued best-in-class battery life, according to a known Weibo leaker.
Citing supply chain information, the Weibo user known as "Digital Chat Station" said that the iPhone 18 Pro Max will have a battery capacity of 5,100 to 5,200 mAh. Combined with the efficiency improvements of the A20 Pro chip, made with TSMC's 2nm process, the...
