Apple to Patch Web Browser Vulnerabilities Affecting Recent Macs, iPads and iPhones
There are two new speculative execution attacks that impact recent Apple chips, according to data shared today by Georgia Tech students that discovered the vulnerabilities.

Named SLAP and FLOP, the two security flaws could allow an attacker to use a malicious webpage to spy on the contents of other webpages, giving attackers remote access to browsing history, credit card data, emails, location information, and more. Physical access to a device is not required, and the attack can be executed through a malicious site that bypasses Apple's browser protections.
Several Apple A-series and M-series chips are affected, including the M2 and later and the A15 and later, which are in the following devices:
- 2022 and later Mac notebooks
- 2023 and later Mac desktops
- 2021 and later iPad models
- 2021 and later iPhones
SLAP and FLOP were disclosed to Apple in May 2024 and September 2024, respectively, and while the attacks have not yet been patched, the researchers who reported the issue were told that Apple plans to address the vulnerabilities in an upcoming security update.
Apple told Bleeping Computer that it has not yet patched the flaws. "We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats," Apple said. "Based on our analysis, we do not believe this issue poses an immediate risk to our users."
SLAP affects Safari, while FLOP affects Safari and Chrome. Other browsers like Firefox could be affected too, but have not been tested. There is no evidence that SLAP and FLOP have been executed in the wild.
Details on how SLAP and FLOP work can be found on the website dedicated to explaining the vulnerabilities.
Popular Stories
iOS 18.3 was released last month, so the first iOS 18.4 beta should be coming soon. iOS 18.4 is expected to be a more substantial update for the iPhone, with several new features and changes related to Apple Intelligence and beyond.
Apple's website suggests that iOS 18.4 will be released in April, following beta testing. Below, we outline what to expect from the update so far.
Apple...
If you pay for iCloud storage on your iPhone, Apple has a new perk for you, at no additional cost.
iCloud+ is the official name for Apple's paid iCloud storage plans, which range from 50GB for $0.99 per month to 12TB for $59.99 per month in the United States. iCloud+ plans already come with multiple perks for free, such as Hide My Email and HomeKit Secure Video, and now there is another one...
Apple hasn't refreshed the Apple TV since 2022, but rumors suggest that we're finally going to get an update in 2025. We don't have a full picture of what to expect yet, but we have some hints on what's coming.
Subscribe to the MacRumors YouTube channel for more videos.
Updated A-Series Chip
The current Apple TV 4K uses the A15 Bionic chip that was in the iPhone 13 lineup, and it's time for...
Apple's next-generation iPhone SE could debut as soon as next week with a launch to follow later in February, reports Bloomberg's Mark Gurman. Apple isn't expected to hold an event for the iPhone SE 4, and will instead unveil the device through a press release.
The iPhone SE 4 is expected to have an iPhone 14-style design, with Apple eliminating the thick bezels and Touch ID Home button of...
Apple is internally testing iOS 18.3.1 for iPhones, according to our website's analytics logs, which have been a consistently reliable indicator of upcoming iOS versions. The software update should be released within the next few weeks.
iOS 18.3.1 should be a minor update that addresses software bugs and/or security vulnerabilities. Apple Intelligence notification summaries for news and...
The British government has secretly demanded that Apple give it blanket access to all encrypted user content uploaded to the cloud, reports The Washington Post.
The undisclosed order is said to have been issued last month, and requires that Apple creates a back door that allows UK security officials unencumbered access to encrypted user data worldwide – an unprecedented demand not before...
Disney+ lost 700,000 subscribers worldwide in recent months, according to Disney's earnings results for the first quarter of 2025.
Disney said it now has 124.6 million Disney+ subscribers, a decrease of 0.7 million compared to its subscriber numbers in the fourth quarter of 2024. The drop in subscribers comes after Disney+ prices increased in the fall. Disney+ with Ads went from $7.99 to...
Last year, we reported that Apple sued its former software engineer Andrew Aude for providing journalists with confidential information about the company's future plans, including details about the Journal app, Vision Pro headset, and more.
As reported by 9to5Mac, the Superior Court of Santa Clara County on Thursday dismissed the lawsuit after Apple and Aude reached an agreement to resolve...