Author: Richard

The group responsible for the initial public macOS kernel memory corruption exploit on M5 silicon has revealed new insights on how Mythos Preview facilitated the evasion of a five-year Apple security initiative in just five days.

## A touch of technical context

Last year, Apple launched Memory Integrity Enforcement (MIE), a hardware-augmented memory safety framework aimed at significantly complicating memory corruption exploits. MIE is founded on Arm’s Memory Tagging Extension (MTE), a specification that serves as a mechanism for hardware to aid in detecting memory corruption flaws.

At its essence, MTE is a system for tagging memory and checking tags, where each memory allocation is assigned a secret tag; the hardware ensures that subsequent memory access requests are honored only if they contain the matching tag. When the tags do not correspond, the application fails, and the occurrence is logged. This enables developers to promptly detect memory corruption issues as they arise.

Nonetheless, Apple determined that MTE was insufficient in certain scenarios, prompting the creation of MIE, which is embedded in Apple hardware and software across all models of iPhone 17 and iPhone Air. MIE utilizes the chip itself to assist in identifying and preventing specific memory corruption attacks prior to their exploitation.

## Introducing the Calif team

Recently, security analysts at Calif employed Anthropic’s Mythos Preview model to unveil a new macOS security flaw by intertwining two bugs with several techniques to compromise the Mac’s memory and access areas of the device that should remain off-limits.

The team has provided further insights on how they carried out the exploit, including a 20-second video showcasing the kernel memory corruption exploit in effect. They observed that while Apple dedicated most of its MIE efforts towards iOS, it has recently extended it to MacBooks with the M5 chip.

According to the Calif team, Apple invested five years in developing MIE, likely allocating billions of dollars. Their research suggested that MIE thwarts every public exploit chain targeting modern iOS, including the recently disclosed Coruna and Darksword exploit kits.

The Calif team compromised MIE on the M5 in merely five days. Their macOS attack vector was an unintentional finding, with the initial bugs uncovered on April 25th and a functional exploit ready by May 1st. The exploit constitutes a data-only kernel local privilege escalation chain directed at macOS 26.4.1 (25E253), initiating from a non-privileged local user and culminating in a root shell.

They possess a 55-page technical document detailing the hack, which they will withhold until Apple releases a remedy for the exploit. Nonetheless, they indicated that Mythos Preview was instrumental in pinpointing the bugs and aiding throughout the exploit development phase.

Mythos Preview is highly effective; once it acquires knowledge of how to tackle a category of issues, it generalizes to virtually any challenge within that category. The bugs were identified swiftly because they align with known bug categories, but circumventing MIE, a new premier mitigation, necessitated human skill.

The Calif team aimed to evaluate the synergy between sophisticated AI models and human knowledge. Accomplishing a kernel memory corruption exploit against leading protections in a mere week is noteworthy and underscores the potential of this collaboration.

Their finding led to a visit to Apple Park, where they presented their vulnerability research report directly to Apple. They noted that Apple’s MIE, akin to the majority of security mitigations, was formulated in an era preceding Mythos Preview, implying that as small teams harness AI, the realm of security vulnerabilities may undergo dramatic transformations.

For more information, you can read the complete post by the Calif team.

Apple has released the enterprise release notes for macOS 26.5, outlining numerous fixes for problems affecting managed Macs.

### macOS 26.5 resolves black screen issues on enterprise Macs

With the launch of macOS 26.5 earlier this week, Apple also shared its release notes and the comprehensive list of security fixes included in the update. The company has refreshed its “What’s new for enterprise in macOS Tahoe 26” page, incorporating the enterprise bug fixes found in macOS 26.5.

This update rectifies issues related to device management service enrollments and unpredicted restarts impacting the MacBook Air with M5, as well as the MacBook Pro featuring M5 Pro or M5 Max Apple silicon.

#### Key Fixes in macOS Tahoe 26.5

– Fixed an issue where some Mac computers could boot to a black screen following a software update.
– Root and intermediate certificates are properly updated upon renewing enrollment in a device management service.
– Fixed an issue where Mac computers restarted unexpectedly while connecting to SMB shares.
– Fixed an issue where MacBook Air with M5 and MacBook Pro with M5 Pro or M5 Max unexpectedly restarted when utilizing specific content filter extensions.
– Fixed an issue where successful smart card logins resulted in incorrect password attempts.
– When autofill is turned off for Safari via device management, Autofill Passwords and Passkeys can still be activated for other applications in System Settings.
– X11 applications using XQuartz now display properly after the application window is resized.
– When the Mac is not connected to Active Directory, the SMB client now conducts DNS SRV lookups for `_ldap._tcp.` and `_gc._tcp.` specified in `nsmb.conf` to identify domain controllers. If domain controllers are detected, the client attempts to connect to each sequentially. Should all attempts to connect to domain controllers fail, the client reverts to the initial server name.

For further information on how organizations can carry out software updates on managed Macs, please follow [this link](https://support.apple.com/en-gb/guide/deployment/depafd2fad80/web).