
The team behind the first public macOS kernel memory corruption exploit on M5 silicon has shared fresh details on how Mythos Preview helped beat five years of Apple security efforts in five days.
A bit of technical information
Last year, Apple introduced Memory Integrity Enforcement (MIE), a hardware-assisted memory security system designed to make memory corruption exploits more difficult.
As Apple explained, MIE is largely built on Arm’s Memory Tagging Extension (MTE), which the 2019 specification says works “as a hardware tool to help find memory corruption errors.”
Here is Apple:
MTE is essentially a memory tagging and tag verification system where each memory allocation is tagged with a secret; the hardware guarantees that subsequent requests to access memory will only be granted if the request contains the correct secret. If the secrets do not match, the application crashes and an event is logged. This allows developers to immediately identify memory corruption errors as they occur.
The problem is that Apple found that MTE was not robust enough under certain conditions, so it developed MIE and built it into “Apple hardware and software on all iPhone 17 and iPhone Air models.”
To summarize, MIE is Apple’s hardware-backed memory security system. It builds on Arm’s MTE specification and uses the chip itself to help detect and block certain memory corruption attacks before they can be exploited.
You can learn more about MIE here.
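The tag check Apple describes above can be shown with a small software model in C. This is an added example, not code from the article and not Apple's or Arm's implementation. The names `tagged_alloc`, `tagged_free` and `checked_store` are hypothetical, and tags come from a counter here rather than being random; the 16-byte granule and the 4-bit tag in pointer bits 56-59 follow Arm's MTE.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#define GRANULE   16u   /* MTE tags memory in 16-byte granules */
#define POOL_SIZE 1024u
#define TAG_SHIFT 56    /* the 4-bit tag sits in pointer bits 56-59 */
static uint8_t  pool[POOL_SIZE], granule_tag[POOL_SIZE / GRANULE]; /* data + tag storage */
static size_t   next_off;
static uint8_t  next_tag = 1;  /* assumption: a counter; real tags are chosen randomly */
static unsigned tag_faults;    /* models the logged tag-check events */

static uint8_t fresh_tag(void) {              /* cycles through 1..15 */
    uint8_t t = next_tag;
    next_tag = (uint8_t)(next_tag % 15u + 1u);
    return t;
}
static void set_tags(size_t off, size_t size, uint8_t t) {
    for (size_t g = off / GRANULE; g < (off + size + GRANULE - 1) / GRANULE; g++)
        granule_tag[g] = t;
}
/* Bump allocator: tags whole granules and returns a tagged "pointer". */
uint64_t tagged_alloc(size_t size) {
    size_t off = next_off, len = (size + GRANULE - 1) / GRANULE * GRANULE;
    if (size == 0 || off + len > POOL_SIZE) return 0;
    uint8_t t = fresh_tag();
    set_tags(off, len, t);
    next_off += len;
    return ((uint64_t)t << TAG_SHIFT) | off;
}
/* Retag on free so a stale pointer no longer matches (use-after-free). */
void tagged_free(uint64_t p, size_t size) {
    uint8_t old = (uint8_t)((p >> TAG_SHIFT) & 0xF), t;
    do { t = fresh_tag(); } while (t == old);
    set_tags((size_t)(p & 0xFFFFFFFFu), size, t);
}
/* The check made on every access: pointer tag vs. tag of the granule touched. */
int checked_store(uint64_t p, size_t index, uint8_t value) {
    size_t off = (size_t)(p & 0xFFFFFFFFu) + index;
    if (off >= POOL_SIZE || granule_tag[off / GRANULE] != ((p >> TAG_SHIFT) & 0xF)) {
        tag_faults++;          /* real hardware raises a fault here */
        return -1;
    }
    pool[off] = value;
    return 0;
}
int main(void) {               /* in bounds, neighbour's own pointer, overflow */
    uint64_t a = tagged_alloc(32), b = tagged_alloc(16);
    printf("%d %d %d\n", checked_store(a, 31, 1), checked_store(b, 0, 1), checked_store(a, 32, 1));
    return 0;
}
```

A write one byte past the 32-byte block lands in a granule carrying the neighbour's tag, so the check rejects it, and a freed block is retagged so the old pointer fails the same way.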
Enter Team Calif
Earlier today, The Wall Street Journal reported that security researchers at Calif used Anthropic’s Mythos Preview model to expose a new macOS security vulnerability by combining “two bugs and several techniques to corrupt Mac memory and then gain access to inaccessible parts of the device.”
Now, the team behind the exploit has shared a few additional details on how they did it, including a 20-second video of the kernel memory corruption exploit.
In the post, they note that while Apple has focused most of its MIE efforts on iOS, the company recently brought it to MacBooks with the M5 chip.
Here’s Calif:
It took Apple five years to build (MIE). Probably billions of dollars too. According to their study, MIE disrupts every public exploit chain against modern iOS, including the recently leaked Coruna and Darksword exploit kits.
Then, they comment on how they broke MIE on the M5 in just five days:
Our macOS attack path was actually an accidental discovery. Bruce Dang found these bugs on April 25. Dion Blazakis joined Calif on April 27. Josh Maine set up the tools and on May 1st we had a working exploit.
The exploit is a data-only kernel local privilege escalation chain that targets macOS 26.4.1 (25E253). It starts as an unprivileged local user, uses only normal system calls, and ends with a root shell. The implementation path includes two vulnerabilities and several techniques, targeting bare-metal M5 hardware with kernel MIE enabled.
They explain that they have a 55-page technical report on the hack, but won’t release it until Apple ships a fix for the exploit.
But they do note that, broadly speaking, Anthropic’s Mythos Preview model helped them identify the bugs and assisted them throughout the entire collaborative development process:
Mythos Preview is powerful: once you learn how to attack a problem class, it generalizes to almost any problem in that class. Mythos quickly discovered bugs because they belonged to known bug classes. But MIE is the new best-in-class mitigation, so it might be hard to bypass autonomously. This is where the human experience comes in.
Part of our motivation was to test what is possible when the best models are combined with experts. Landing a kernel memory corruption exploit against the best defenses in a week is remarkable and says something powerful about this pairing.
In the post, they also note that the discovery led them to visit Apple Park, where they shared the vulnerability research report directly with Apple.
They also noted that Apple’s MIE, like most security measures currently in use, was built “in a pre-Mythos Preview world,” adding that while even small teams can make discoveries like this with AI, “we’re about to learn how the best mitigation technology on Earth held up during the first AI bugmageddon.”
To read Calif’s full post, follow this link.








