A newly uncovered hardware flaw in Apple’s processors is causing quite a stir. It allows attackers to access sensitive information from apps like Gmail, even when browsers like Safari and Chrome are supposedly keeping everything secure. Yikes, right?

Here’s the lowdown: when you have one tab open on a site like Gmail and another on an attacker’s page, the bad guys can sneak a peek at your private data. Think email contents, location history, and even credit card details. Not exactly what you signed up for when you bought that shiny Apple device.

Researchers explained that this flaw, dubbed SLAP and FLOP, bypasses the usual safeguards that keep webpage tabs isolated. FLOP is the more serious of the two because it can read nearly any memory address in your browser and works on both Safari and Chrome. SLAP, on the other hand, is limited to Safari and can only access certain strings of data. Still, neither is good news.

Affected devices include:
• All Mac laptops and desktops from 2022–2023.
• iPads released since September 2021.
• iPhones from the 13 series onward, including the SE 3rd gen.

The issue stems from a feature called the LVP (Load Value Predictor) in Apple’s M3 and A17 chips. Researchers found that this predictor can be tricked into using incorrect data, opening the door to these attacks.

Apple hasn’t released a fix yet, so it’s a good idea to stay vigilant with your online activity. Keep an eye out for updates—and maybe avoid opening sketchy tabs for now. Your inbox (and your wallet) will thank you.