New iPhone security flaw could let hackers steal your data while you browse
Apple’s A-series chips are known for their speed, efficiency, and security—but a newly discovered flaw suggests they might not be as safe as we thought. Researchers have found serious vulnerabilities in Apple’s latest processors that could let hackers steal your private data, and all it takes is visiting the wrong website.
A team of security experts from Georgia Tech and Ruhr University uncovered two major flaws in Apple’s A15, A16, and A17 chips, the processors powering the iPhone 13, iPhone 14, iPhone 15, and iPhone 16 series. These vulnerabilities, called FLOP (False Load Output Prediction) and SLAP (Speculative Load Address Prediction), let hackers manipulate the techniques Apple’s chips use to process data faster.
The bottom line is that while Apple’s A-series chips have transformed iPhone performance, this new security flaw raises major concerns about privacy. With no fix available yet, iPhone users should stay vigilant while browsing. Until Apple releases a patch, opening the wrong website could put your private data at risk. Stay safe out there.
The scariest part is that these attacks don’t require malware, phishing scams, or even physical access to your phone. Instead, hackers can exploit these weaknesses remotely. All that's needed is for them to embed malicious JavaScript or WebAssembly code on a website. If you land on one of these infected pages, your sensitive data could be exposed without you ever knowing about it.
What are the risks?
Security researchers tested these exploits in real-world scenarios and found that attackers could potentially access your Gmail inbox, Amazon order history, Reddit activity, Google Maps location history and iCloud Calendar events. Even one of these is scary enough, but all of them combined is terrifying.
So how do these attacks work? FLOP attacks affect A17 chips (found in iPhone 15 Pro & Pro Max). Hackers can manipulate memory predictions to access sensitive data. SLAP attacks target A15 and newer chips (iPhone 13, 14, and 15 models). This method tricks the CPU into misreading memory addresses, exposing confidential information.
Apple is aware of the situation, but there's still no fix
Apple was notified about these security issues in March and September 2024, but so far, no official fix has been released. The company downplayed the risks, stating:
Based on our analysis, we do not believe this issue poses an immediate risk to our users.
For now, security experts recommend disabling JavaScript in Safari and Chrome, but keep in mind that this will make many websites unusable.
Another thing that will help you stay protected is keeping your iPhone updated, as Apple may release a security patch in the near future via an iOS update. Also, it goes without saying, but be cautious online. If a website looks sketchy or unfamiliar, don’t click.