Anthropic Mythos helped Calif create a macOS exploit in five days


The team behind the first public macOS kernel memory corruption exploit on M5 silicon has shared new details about how Mythos Preview helped them break a five-year Apple security effort in five days.

A little technical background

Last year, Apple introduced Memory Integrity Enforcement (MIE), a hardware-assisted memory security system designed to make memory corruption exploits much more difficult to execute.

As Apple explained, MIE is based on Arm’s Memory Tagging Extension (MTE), a 2019 specification that works “as a hardware tool to help find memory corruption errors.”

Here’s Apple:

MTE is, in essence, a memory tag verification and tagging system, where each memory allocation is tagged with a secret; the hardware ensures that subsequent requests to access memory are granted only if the request contains the correct secret. If the secrets do not match, the application fails and the event is logged. This allows developers to identify memory corruption errors immediately when they occur.

The problem is that Apple discovered that MTE was not robust enough in certain circumstances, so it developed MIE and integrated it “into Apple hardware and software on all iPhone 17 and iPhone Air models.”

In short, MIE is Apple’s hardware-assisted memory security system. It is based on Arm’s MTE specification and uses the chip itself to help detect and block certain memory corruption attacks before they can be exploited.
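To make the tag check described above concrete, here is a small constructed model added for this article; it is not code from Apple, Arm or Calif. The 16-byte granule, the 4-bit tag, its position in bits 56..59 and the heap layout are assumptions of the model, and it shows an in-bounds store succeeding while a one-byte overflow into a neighbour and a write through a dangling pointer are both refused.

```c
#include <stdint.h>
/* Constructed teaching model of MTE-style tag checking (not Apple's or Arm's
 * code): 16-byte granules each carry a 4-bit tag (the "secret"), and a pointer
 * carries the tag of the allocation it came from in bits 56..59. */
#define GRANULE   16
#define NGRANULES 64
#define TAG_SHIFT 56
#define ADDR_MASK ((1ULL << TAG_SHIFT) - 1)
static uint8_t heap[GRANULE * NGRANULES];
static uint8_t granule_tag[NGRANULES]; /* tag memory, one entry per granule */
static uint8_t next_tag = 1;           /* tag 0 is reserved for free memory */
/* Write tag into every granule covered by [off, off + n). */
static void retag(uint64_t off, uint64_t n, uint8_t tag) {
    for (uint64_t g = off / GRANULE; g < (off + n + GRANULE - 1) / GRANULE; g++)
        granule_tag[g] = tag;
}
/* Allocate n bytes at heap offset off; the returned pointer carries the fresh
 * tag, which is the only way to pass the check on later accesses. */
static uint64_t tagged_alloc(uint64_t off, uint64_t n) {
    uint8_t tag = next_tag;
    next_tag = (uint8_t)(next_tag % 15 + 1);   /* cycle 1..15, never 0 */
    retag(off, n, tag);
    return ((uint64_t)tag << TAG_SHIFT) | off;
}
/* Freeing retags the granules, so a dangling pointer keeps a stale secret. */
static void tagged_free(uint64_t p, uint64_t n) { retag(p & ADDR_MASK, n, 0); }

/* A checked store: the hardware compares the pointer's tag with the granule's
 * tag and only then performs the write. Returns 1 on success, 0 on a fault. */
static int tagged_store(uint64_t p, uint8_t v) {
    uint64_t off = p & ADDR_MASK;
    if (off >= sizeof heap || granule_tag[off / GRANULE] != ((p >> TAG_SHIFT) & 0xF))
        return 0;                                /* tag mismatch: fault */
    heap[off] = v;
    return 1;
}

/* Bit 0: in-bounds store, bit 1: one-byte overflow into a neighbour, bit 2:
 * use-after-free. Correct tagging lets only the first succeed, so this is 1. */
static int demo(void) {
    uint64_t a = tagged_alloc(0, 32);   /* granules 0 and 1 */
    uint64_t b = tagged_alloc(32, 16);  /* granule 2, different tag */
    int in_bounds = tagged_store(a + 31, 0x41);
    int overflow  = tagged_store(a + 32, 0x41);  /* lands in b's granule */
    tagged_free(b, 16);
    int use_after_free = tagged_store(b, 0x41);
    return in_bounds | overflow << 1 | use_after_free << 2;
}
```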

You can learn more about MIE here.

Enter the Calif team

Earlier today, The Wall Street Journal reported that security researchers in California had used Anthropic’s Mythos Preview model to expose a new macOS security vulnerability by chaining “two bugs and a handful of techniques to corrupt the Mac’s memory and then gain access to parts of the device that should be inaccessible.”

Now, the team behind the exploit has shared some additional details about how they did it, including a 20-second video of the kernel memory corruption exploit in action.

In it, they point out that while Apple has focused most of its MIE efforts on iOS, the company has recently brought it to MacBooks with the M5 chip as well.

Here is Calif:

Apple spent five years building MIE. Probably billions of dollars too. According to their research, MIE interrupts all public exploit chains against modern iOS, including the recently leaked Coruña and Darksword exploit kits.

They go on to describe how they broke MIE on the M5 in just five days:

Our attack path to macOS was actually an accidental discovery. Bruce Dang found the bugs on April 25. Dion Blazakis joined Calif on April 27. Josh Maine built the tools and by May 1st we had a working exploit.

The exploit is a data-only kernel local privilege escalation chain targeting macOS 26.4.1 (25E253). It starts with an unprivileged local user, uses only normal system calls, and ends with a root shell. The implementation path involves two vulnerabilities and several techniques, targeting entry-level M5 hardware with MIE kernel enabled.

They explain that they have a 55-page white paper on the hack, but they won’t release it until Apple ships a fix for the exploit.

They do note that, overall, Anthropic’s Mythos Preview model helped them identify the bugs and supported them throughout the collaborative exploit development process:

Mythos Preview is powerful: once it has learned how to attack a class of problems, it generalizes to almost any problem in that class. Mythos discovered the bugs quickly because they belong to known bug classes. But MIE is best-in-class mitigation, so avoiding it autonomously can be difficult. This is where the human experience comes into play.

Part of our motivation was to prove what is possible when the best models are combined with experts. Getting a kernel memory corruption exploit against the best protections in a week is noteworthy and says something important about this combination.

In the post, they also mention that this discovery earned them a visit to Apple Park, where they shared their vulnerability research report directly with Apple.

They also noted that Apple’s MIE, like most security mitigations currently in use, was created “in a world before Mythos Preview,” adding that in a time when even small teams, with the help of AI, can make discoveries like this, “we’re about to learn how the best mitigation technology on Earth holds up during the first AI bugmageddon.”

To read Calif’s full post, follow this link.
