Anthropic Mythos helped Calif create a macOS exploit in five days

The team behind the first public macOS kernel memory corruption exploit on the M5 silicon has shared new details on how Mythos Preview helped circumvent a five-year Apple security effort in five days.

A little technical background

Last year, Apple introduced Memory Integrity Enforcement (MIE), a hardware-assisted memory security system designed to make memory corruption exploits much more difficult to execute.

As Apple explained, MIE is essentially built on Arm’s Memory Tagging Extension (MTE), a 2019 specification that functions “as a hardware tool for detecting memory corruption bugs.”

Here is Apple:

MTE is, at its core, a memory tagging and verification system, in which each memory allocation is tagged with a secret; the hardware ensures that subsequent requests for memory access will only be granted if the request contains the correct secret. If the secrets do not match, the application crashes and the event is logged. This allows developers to identify memory corruption bugs immediately as they arise.

The problem is that Apple found that MTE wasn’t robust enough in certain circumstances, so it developed MIE and integrated it “into the Apple hardware and software of all iPhone 17 and iPhone Air models.”

To summarize, MIE is Apple’s hardware-assisted memory security system. It’s built on the Arm MTE specification and uses the chip itself to help detect and block certain memory corruption attacks before they can be exploited.
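To make the tag-check idea concrete, here is an added toy model of MTE-style memory tagging written for this article. It is not Apple's or Arm's code: the 16-byte granule, 4-bit tag and top-byte pointer tag mirror the Arm MTE design, but the simulated heap, the bump allocator, the tag source and the checker function are all constructed for the example and run entirely in software. It shows an in-bounds access passing the check, a linear overflow into a neighbouring allocation and a use-after-free being detected, and the well-known caveat that an overflow staying inside the last 16-byte granule of an allocation is not caught.

```c
/* Toy model of MTE-style memory tagging (added example, not Apple's or Arm's
 * code). Granule size, 4-bit tags and the top-byte pointer tag follow the Arm
 * MTE design; the heap, allocator and checker below are constructed here. */
#include <stdint.h>
#include <stdio.h>
#include <stdbool.h>

#define GRANULE     16                    /* bytes covered by one tag */
#define HEAP_BYTES  256                   /* size of the simulated heap */
#define GRANULES    (HEAP_BYTES / GRANULE)
#define TAG_SHIFT   56                    /* tag lives in the pointer's top byte */
#define TAG_MASK    0xFULL                /* 4-bit tag: 16 possible values */

static uint8_t heap[HEAP_BYTES];          /* simulated backing memory */
static uint8_t granule_tag[GRANULES];     /* one tag per 16-byte granule */
static uint8_t next_tag = 1;              /* constructed tag source; real MTE draws tags randomly */
static size_t  bump = 0;                  /* bump allocator cursor */

/* A "tagged pointer": offset into heap[] plus the allocation's tag in the top byte. */
typedef uint64_t tptr;

static tptr    make_tptr(size_t off, uint8_t tag) { return ((uint64_t)(tag & TAG_MASK) << TAG_SHIFT) | (uint64_t)off; }
static uint8_t tptr_tag(tptr p)  { return (uint8_t)((p >> TAG_SHIFT) & TAG_MASK); }
static size_t  tptr_addr(tptr p) { return (size_t)(p & ((1ULL << TAG_SHIFT) - 1)); }

/* Allocate n bytes rounded up to whole granules; every granule of the
 * allocation gets the same fresh tag, and the returned pointer carries it. */
static tptr tagged_alloc(size_t n) {
    size_t rounded = (n + GRANULE - 1) / GRANULE * GRANULE;
    if (bump + rounded > HEAP_BYTES) return 0;
    uint8_t tag = next_tag;
    next_tag = (uint8_t)(next_tag % 15 + 1);     /* cycle tags 1..15; 0 is reserved for "free" */
    for (size_t g = bump / GRANULE; g < (bump + rounded) / GRANULE; g++)
        granule_tag[g] = tag;
    tptr p = make_tptr(bump, tag);
    bump += rounded;
    return p;
}

/* Free: retag the granules so a stale (dangling) pointer no longer matches. */
static void tagged_free(tptr p, size_t n) {
    size_t rounded = (n + GRANULE - 1) / GRANULE * GRANULE;
    size_t start = tptr_addr(p) / GRANULE;
    for (size_t g = start; g < start + rounded / GRANULE; g++)
        granule_tag[g] = 0;
}

/* The hardware check: compare the pointer's tag with the tag of the granule it
 * touches. Performs the load only on a match; otherwise reports a tag-check
 * fault (where real MTE hardware would raise an exception and the app would crash). */
static bool tagged_load(tptr p, uint8_t *out) {
    size_t addr = tptr_addr(p);
    if (addr >= HEAP_BYTES) return false;
    if (granule_tag[addr / GRANULE] != tptr_tag(p)) {
        fprintf(stderr, "tag check fault at offset %zu (pointer tag %u, memory tag %u)\n",
                addr, tptr_tag(p), granule_tag[addr / GRANULE]);
        return false;
    }
    *out = heap[addr];
    return true;
}

/* Scenarios: what the tag check catches, and what it does not. */
static bool in_bounds_access_ok(void) {
    tptr a = tagged_alloc(20); uint8_t v;
    return tagged_load(a + 19, &v);              /* inside the 2-granule allocation */
}
static bool linear_overflow_detected(void) {
    tptr a = tagged_alloc(16); (void)tagged_alloc(16); uint8_t v;
    return !tagged_load(a + 16, &v);             /* one byte past 'a' lands in the neighbour's granule */
}
static bool use_after_free_detected(void) {
    tptr a = tagged_alloc(16); uint8_t v;
    tagged_free(a, 16);
    return !tagged_load(a, &v);                  /* stale pointer tag no longer matches */
}
/* Caveat: tags are per 16-byte granule, so an overflow that stays inside the
 * last granule of a 20-byte allocation (rounded to 32) is not caught. */
static bool intra_granule_overflow_missed(void) {
    tptr a = tagged_alloc(20); uint8_t v;
    return tagged_load(a + 25, &v);              /* byte 25 is past the 20 requested but carries the same tag */
}

int main(void) {
    printf("in-bounds access allowed:      %s\n", in_bounds_access_ok() ? "yes" : "no");
    printf("linear overflow detected:      %s\n", linear_overflow_detected() ? "yes" : "no");
    printf("use-after-free detected:       %s\n", use_after_free_detected() ? "yes" : "no");
    printf("intra-granule overflow missed: %s\n", intra_granule_overflow_missed() ? "yes" : "no");
    return 0;
}
```

The constructed tag cycle guarantees that neighbouring allocations get different tags; real hardware draws tags at random, so with only four tag bits two adjacent allocations share a tag about one time in sixteen unless the allocator deliberately avoids it. That collision rate, together with the 16-byte granule blind spot shown in the last scenario, is the kind of gap a hardware-assisted scheme has to close on top of plain MTE.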

You can learn more about MIE here.

Enter, Team California

Earlier today, The Wall Street Journal reported that security researchers in California used Anthropic’s Mythos Preview model to expose a new macOS security vulnerability by linking “two bugs and a handful of techniques to corrupt Mac memory and then access parts of the device that should be inaccessible.”

Now, the team behind the exploit has shared a few more details about how they did it, including a 20-second video of the kernel memory corruption exploit in action.

In the article, they note that although Apple has focused most of its MIE efforts on iOS, the company recently also introduced it to MacBooks with the M5 chip.

This is California:

Apple spent five years building (MIE). Probably billions of dollars too. According to their research, MIE disrupts all public exploit chains against modern iOS, including the recently leaked Coruna and Darksword exploit kits.

Then they comment on how they broke MIE on the M5 in just five days:

Our macOS attack path was actually an accidental discovery. Bruce Dang found the bugs on April 25. Dion Blazakis returned to California on April 27. Josh Maine built the tooling and by May 1st we had a working achievement.

The exploit is a data-only kernel local privilege escalation chain targeting macOS 26.4.1 (25E253). It starts from an unprivileged local user, uses only normal system calls, and terminates with a root shell. The implementation path involves two vulnerabilities and multiple techniques, targeting bare-metal M5 hardware with the MIE kernel enabled.

They say they have a 55-page technical report on the hack, but won’t release it until Apple provides a patch for the exploit.

But they note in general terms that Anthropic’s Mythos Preview model helped them identify bugs and assisted them through the collaborative exploit development process:

Mythos Preview is powerful: once it has learned to attack a class of problems, it generalizes to almost all problems in that class. Mythos discovered the bugs quickly because they belong to known bug classes. But MIE is a new premium mitigation, so bypassing it autonomously can be tricky. This is where human expertise comes into play.

Part of our motivation was to test what is possible when the best models are paired with experts. The discovery of a kernel memory corruption exploit against the best protections within a week is remarkable and speaks volumes about this pairing.

In the article, they also mention that this discovery earned them a visit to Apple Park, where they shared their vulnerability research report directly with Apple.

They also noted that Apple’s MIE, like most security mitigations currently in use, was built “in a world before Mythos Preview,” adding that in an era where even small teams, with the help of AI, can make discoveries like this, “we are about to learn how the best mitigation technology on Earth holds up to AI’s first bugmageddon.”

To read Calif’s full article, follow this link.
