A new chapter in cybersecurity has emerged with the discovery of SLAP (Speculative Load Address Poisoning) and FLOP (Floating-point Operand Poisoning) — two novel hardware vulnerabilities that affect modern CPUs, particularly Intel processors and Apple’s M-series chips. These flaws stem from speculative execution, a performance-enhancing feature that has become a double-edged sword for system security.
Understanding Speculative Execution
Speculative execution allows CPUs to predict and pre-load instructions before they are needed, dramatically boosting processing speed. However, this mechanism has proven susceptible to side-channel attacks, where threat actors exploit timing differences and cache behaviors to infer protected data.
The Spectre and Meltdown revelations of 2018 first exposed this class of flaw, showing the world that even hardware thought to be secure by design could be subverted. SLAP and FLOP are the latest evolutions in this line of attack.
What SLAP and FLOP Do
SLAP enables attackers to manipulate speculative loads — essentially tricking the processor into fetching data from unauthorized memory locations during a speculative window. FLOP, on the other hand, leverages weaknesses in floating-point computations to poison data paths and access protected information. Both are non-trivial to exploit and require local access or malware execution, but in multi-tenant cloud environments or shared systems, the implications are severe.
The Response from the Tech Industry
Chipmakers are scrambling to address these vulnerabilities. Apple has begun issuing microcode and firmware patches, while Intel has coordinated with major operating systems to roll out mitigations. However, these patches often come at a performance cost — sometimes reducing system speed by 5–15%, depending on the workload.
Security researchers and vendors are calling for a rethinking of CPU architecture. Future designs may incorporate hardware-based segmentation, speculative-safe execution paths, or on-chip anomaly detection systems to reduce risk without compromising performance.
A Call to Hardware-Aware Security
For organizations, these developments underline the necessity of hardware-aware cybersecurity strategies. Endpoint protection must now include firmware auditing, supply chain validation, and close monitoring of CPU behaviors. As the line between software and hardware threats continues to blur, the security stack must evolve to encompass all layers of modern computing.