Apple Silicon Security Flaws Exposed—Should We Be Worried?

Welcome back to another episode of *Tech News of the Week!* This week, we dive into some fascinating developments in quantum computing, corporate drama at Meta, a potential shake-up in the networking industry, and security vulnerabilities in Apple Silicon chips. Buckle up—it's going to be a wild ride.

🔬 **Photonics for Quantum Computing**
Quantum computers are finicky beasts, usually requiring extreme cold to keep their delicate qubits from falling apart. But what if we could use *light* instead? Canadian startup Xanadu is tackling this challenge with its photonic quantum computer, *Aurora*. Their modular system could make quantum computing more scalable and affordable—if they can solve the usual qubit problems. Does this deserve a full episode? Chris, get on it. 😆 https://www.technologyreview.com/2025/01/30/1110672/this-quantum-computer-built-on-server-racks-paves-the-way-to-bigger-machines/

📢 **Zuckerberg Complains About Leaks… in a Leaked Meeting**
Meta’s CEO, Mark Zuckerberg, recently expressed frustration that everything he says leaks… in yet another leaked meeting. The irony is thick. Meta’s once-open town halls have turned into tightly controlled sessions, yet the leaks keep coming. Maybe, just maybe, the problem isn’t the employees but the guy in charge? One commenter summed it up best: “pre-divorced sh*tweasel.” https://www.404media.co/zuckerberg-says-everything-i-say-leaks-in-leaked-meeting-audio/

🛑 **DOJ Blocks HPE-Juniper Merger**
HPE’s $14B acquisition of Juniper Networks has hit a major roadblock. While Europe and the UK gave it the green light, the U.S. Department of Justice stepped in, citing concerns over market consolidation. The WLAN space is already dominated by a few major players, and the DOJ isn’t keen on reducing competition further. Meanwhile, HPE and Juniper insist this merger is "pro-customer"... for reasons. https://www.theregister.com/2025/01/30/hpes_acquisition_juniper/

🔓 **Apple Silicon Chips Have Security Flaws**
Apple’s M-series chips have been crushing the competition, but they’re not invincible. Researchers found vulnerabilities—SLAP and Flop—that allow sneaky memory access. While these attacks are difficult to pull off, the fact that they’re possible at all is concerning. Apple hasn’t responded yet, but maybe, just maybe, CPUs don’t *need* speculative execution anymore? Just a thought. 🤔 https://predictors.fail

📩 Got thoughts? Want to share expert insight? Hit us up at ChaosLever.com (but no collect calls, please). See you next time! 👋

Transcript

[00:00:00.00]
Announcer: Welcome to Tech News of the Week with your host, a duckbill platypus named Jose.

[00:00:06.09]
Ned: Welcome to Tech News of the Week. This is our weekly Tech News podcast where Chris and I dissect four interesting news articles that we found. Chris, you had the honor of talking about Deep Seq in this week's main episode, so I will start with my thing, which is your thing. Using photonics for quantum computing makes sense. We at Chaos Lever sure love our quantum computing. In fact, Chris has dedicated several episodes to it. The thing about actually building quantum computers is that they are super finicky and usually require being cooled to temperature just above absolute zero to keep those pesky quantum entangled particles from moving around too much. The most common approaches are to use superconduct qubits or trapped ions. Superconducting qubits require those near zero temperatures and have struggles with decoherence. Trapped ions are slower to compute than superconductors, but tend to have longer coherence. But what about just using good old light, like photons and stuff. That's what Canadian startup Xanado is working on with their quantum computer named Aurora. The computer is composed of rack size units combined in a modular style, with the photonic qubit being constructed from laser pulses that are refined through fiber optics and lenses.

[00:01:33.26]
Ned: The modular nature of the system allows it to be expanded and scaled, and only the photon counter needs to be kept at frigid temperatures. The company has successfully built a 12 1,121 qubit computer, which is admittedly not that impressive in comparison to the likes of IBM's Condor system that has 1,121 qubits. The devil's in the details, though, and just because you have that many qubits doesn't mean you can do anything useful with them due to decoherence and high error rates. Xanado believes their technology can solve for both while using more cots components that will eventually bring the price down for quantum computing to reasonable levels. Does this sound like a potential full episode around different quantum computing hardware architectures? It sure does. Chris, get on that.

[00:02:26.16]
Chris: Oh, I'm sorry, I wasn't listening. I was decoherent.

[00:02:29.28]
Ned: It's funny. You're a funny man.

[00:02:35.16]
Chris: Zuckerberg complains about Facebook meeting leaks in recent Facebook meeting leak. Honestly, that was my best shot at one-upping the original headline, which actually read, quote, Everything I say leaks, Zuckerberg says in leaked meeting audio.

[00:02:51.05]
Ned: Pretty good.

[00:02:52.29]
Chris: The whole thing is very funny and speaks to how absolutely clueless and out of touch Zuckerberg is from his own company. If you're not familiar with the history here, Zuck and Co used to host these whole company town hall meetings where literally anyone could say anything, and the C-suite would see it and would be able to respond to it in real time. But what kept happening was the little people kept getting out of line and saying things that Zuck didn't like, so now people can vote on topics for him to ramble on upon seemingly with no preparation whatsoever. So you still do get an unvarnished Zuckerberg, and by unvarnished, I mean, my God, he looks terrible. How could a person look so much like a bag of milk? Zuckerberg is also mad and a bit mystified about how everything he says leaks. I have my own thoughts on the why, and they all boil down to basically, everyone in the company hates you, Mark, and the direction you're forcing the company and society to go in, which is exactly the opinion of basically all the comments on the linked article. I was going to quote one of them at length, but I decided to leave that as an exercise for the reader.

[00:04:14.08]
Chris: I will say that one of them called Zuckerberg a pre-divorced shitweasel, which just... Chef's kiss. Absolutely magical. James Joyce couldn't have said it better.

[00:04:26.05]
Ned: He would have said it with a lot more words. Hpe and Juniper deal is in the DOJ crosshairs. Hpe announced their intention to acquire Juniper Networks for $14 billion back in January 2024, about a year ago. This was intended to expand their network portfolio and reach out to more telecom customers. While it is a sizable merger, no one really expected a whole lot of trouble from the various governmental watchdogs. And up until last week, that did seem to be the case. The EU and the UK They have both given their blessing, and everyone believed that the FTC in the US would do the same, but not so. The Department of Justice has filed suit in Northern California last week to block the merger from going forward, citing concerns about shrinking WLAN equipment market. For those who don't follow this thing, and why would you, HPE bought wireless-focused Aruba networking back in 2015 to augment both their WLAN and campus switching portfolio. When it comes to major players in the WLAN scene, it's pretty much Cisco at the top, followed by Aruba, Huawei, Ubiquity, Comscope, and Juniper. Of those, Comscope I've never heard of, but the other ones should be pretty familiar.

[00:05:47.16]
Ned: Since Huawei is basically a no-go in the United States, the combination of HPE and Juniper would give HPE a market share of roughly 20 to 25%. In the eyes of the DOJ, that is a disservice to customers, and they will not allow the deal to go through. Hpe and Juniper are successful companies. But rather than continue to compete as rivals in the W land marketplace, they seek to consolidate increasing concentration in an already concentrated market. It seems true. Naturally, HPE and Juniper said, No, and stuck their fingers in their ears, and while stomping vigorously, screamed something about the of the W land market actually being better for customers. It's pro-customer for reasons. Personally, I think there's been quite enough consolidation in tech, and we could stand with a little more competition. While I don't always agree with government intervention, in this case, pretty okay with it. I think the Aruba folks feel the same. Rumor is they were pretty pissed about the Juniper mist line of products being the new Bell of the Ball at HPE.

[00:07:04.12]
Chris: Apple Silicon CPUs found to be vulnerable to side channel attacks. Apple's Silicon chips, those are the ones that start with M and have a number after it, have made a ton of waves since their introduction. They have the A-Series of chips for mobiles. They're not as exciting for some reason. Probably because they've been there longer. But anyway, the Silicon chips, the M1, M2, M3, etc, have outperformed X86 variants competition in whatever test reviewers can throw at them. This week, researchers announced that they even compete in less august competitions, in this case, having security vulnerabilities. How exciting. Security researchers from the Georgia Institute of Technology in the US and Ruhr University in Germany, detailed two attacks with the really, really tortured acronyms of slap and SLAP. Slap, which is apparently short for data speculation attacks via load address prediction on Apple Silicon. It's not how acronyms work, people.

[00:08:14.04]
Ned: Is it different in the German?

[00:08:15.21]
Chris: I hope so. Anyway, SLAP relies on an M2 or A15 chip using a load address predictor. This feature tries to guess what the CPU will ask for next and goes ahead and prefetches it. Problem is with guessing, sometimes you guess wrong. And the CPU could, in this case, pull memory that it should not have accessed. Taking advantage of this, researchers show the possibility of recovering email and browsing behavior from Safari. Flop, which I'm not even going to go into what it's short for, is an M13 A7 2017 issue, which again relies on speculative memory loads and executions. Neither of these is great, and both have proof of concepts on the research website. Basically, the way they work is by tricking the CPU into pulling info from other tabs and memory areas that the browser is designed to keep isolated. Getting them to work, the security vulnerabilities themselves, getting these proof of concepts to work is a challenge, but the fact that they work at all is concerned learning. The work will be presented in detail in 2025 at USNIC Security and IEEE symposium conferences. Apple themselves have not publicly said what they're going to do about it, but so far it seems like they believe the issue does not pose any immediate risk.

[00:09:49.11]
Chris: Intel, as you might remember, has had plenty of problems with security because of speculative execution and prefetching in the past. I don't know. Maybe Maybe I'm just talking crazy here, but CPUs are so fast these days, it is literally unimaginable. Maybe we could just stop doing speculative execution and prefetch?

[00:10:14.29]
Ned: I mean, maybe? I honestly don't know enough to answer that question. Maybe we should have on an expert. If anybody out there is an expert on this thing, give us a call or send us a message. Chaoslever. Com. We don't accept calls, especially if they're calling collect. All right, that's it. We're done now. Go away. Bye.