The team behind the first public macOS kernel memory corruption exploit on M5 silicon has shared new details on how Mythos Preview helped bypass a five-year Apple security initiative in just five days.
## A touch of technical context
Last year, Apple launched Memory Integrity Enforcement (MIE), a hardware-assisted memory safety framework designed to make memory corruption exploits significantly harder. MIE is built on Arm’s Memory Tagging Extension (MTE), a specification that lets the hardware help detect memory corruption flaws.
At its core, MTE is a memory tagging and tag-checking scheme: each memory allocation is assigned a secret tag, and the hardware honours a subsequent memory access only if the pointer carries the matching tag. On a mismatch the access faults, the process is terminated, and the event is logged, so developers can detect memory corruption bugs as soon as they occur.
Nonetheless, Apple determined that MTE was insufficient in certain scenarios, prompting the creation of MIE, which is built into Apple hardware and software across all models of iPhone 17 and iPhone Air. MIE uses the chip itself to help identify and block specific memory corruption attacks before they can be exploited.
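To make the tag-check mechanism concrete, here is a small software model of MTE-style tagging. It is an added illustration written for this page, not code from Apple, Arm or the Calif team, and it uses no real MTE instructions: memory is tagged in 16-byte granules with 4-bit tags (the granule size and tag width of the Arm MTE specification), the tag rides in the pointer's top byte, and every load and store is checked against the granule's tag. The toy heap and the allocator policy that neighbouring blocks never share a tag are assumptions of this model. Two scenarios are run through the check: a one-byte linear overflow into the adjacent allocation, and a stale pointer used after the block has been freed and retagged.

```c
/* Software model of MTE-style memory tagging (added illustration; not Apple's
 * or Arm's code, and no real MTE instructions are used). Memory is tagged in
 * 16-byte granules, each allocation gets a 4-bit tag, the tag rides in the
 * pointer's top byte, and every access is checked against the granule's tag. */
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

#define GRANULE    16                    /* MTE tag granule size in bytes */
#define HEAP_BYTES 1024                  /* constructed toy heap */
#define TAG_SHIFT  56                    /* tag stored in pointer bits 56..59 */
#define ADDR_MASK  ((1ULL << TAG_SHIFT) - 1)

typedef uint64_t tagged_ptr;             /* heap offset + tag, mimicking a tagged address */

static uint8_t heap[HEAP_BYTES];
static uint8_t granule_tags[HEAP_BYTES / GRANULE];   /* "tag memory": one tag per granule */
static size_t  next_free;
static int     tag_faults;               /* count of failed tag checks (the logged events) */

static tagged_ptr make_tagged(size_t off, uint8_t tag) { return ((tagged_ptr)tag << TAG_SHIFT) | off; }
static size_t     addr_of(tagged_ptr p)                { return (size_t)(p & ADDR_MASK); }
static uint8_t    tag_of(tagged_ptr p)                 { return (uint8_t)((p >> TAG_SHIFT) & 0xF); }

/* Random tag from 1..15; tag 0 is reserved as the "untagged" value in this model. */
static uint8_t random_tag(void) { return (uint8_t)(1 + rand() % 15); }

/* Simulated allocator policy (an assumption of this model): pick a tag that
 * differs from the tag of the granule just before the new block, so two
 * neighbouring allocations never share a tag and a linear overflow is always caught. */
static uint8_t choose_tag(size_t first_granule) {
    int prev = first_granule ? granule_tags[first_granule - 1] : -1;
    uint8_t t;
    do { t = random_tag(); } while (t == prev);
    return t;
}

/* Allocate n bytes rounded up to whole granules; every granule of the block is
 * tagged identically and the returned pointer carries that tag. */
static tagged_ptr tagged_alloc(size_t n) {
    size_t size = (n + GRANULE - 1) / GRANULE * GRANULE;
    if (next_free + size > HEAP_BYTES) return 0;
    size_t g0 = next_free / GRANULE, g1 = g0 + size / GRANULE;
    uint8_t tag = choose_tag(g0);
    for (size_t g = g0; g < g1; g++) granule_tags[g] = tag;
    tagged_ptr p = make_tagged(next_free, tag);
    next_free += size;
    return p;
}

/* Free = retag the block's granules with a fresh tag, so any stale copy of the
 * old pointer (a use-after-free) no longer matches. */
static void tagged_free(tagged_ptr p, size_t n) {
    size_t g0 = addr_of(p) / GRANULE, g1 = g0 + (n + GRANULE - 1) / GRANULE;
    uint8_t fresh;
    do { fresh = random_tag(); } while (fresh == tag_of(p));
    for (size_t g = g0; g < g1; g++) granule_tags[g] = fresh;
}

/* The check the hardware performs on every access: pointer tag vs granule tag.
 * On mismatch a real system raises a tag check fault and terminates the process. */
static int tag_check(tagged_ptr p, size_t idx) {
    size_t a = addr_of(p) + idx;
    if (a >= HEAP_BYTES || granule_tags[a / GRANULE] != tag_of(p)) { tag_faults++; return 0; }
    return 1;
}
static int checked_store(tagged_ptr p, size_t idx, uint8_t v) {
    if (!tag_check(p, idx)) return 0;
    heap[addr_of(p) + idx] = v;
    return 1;
}
static int checked_load(tagged_ptr p, size_t idx, uint8_t *out) {
    if (!tag_check(p, idx)) return 0;
    *out = heap[addr_of(p) + idx];
    return 1;
}

static void reset(void) { srand(1); next_free = 0; tag_faults = 0; }

/* Scenario 1: linear overflow. Writing index 16 of a 16-byte buffer lands in the
 * neighbour's granule, whose tag differs. Returns 1 if the fault was raised. */
static int overflow_is_caught(void) {
    reset();
    tagged_ptr a = tagged_alloc(16), b = tagged_alloc(16);
    (void)b;
    if (!checked_store(a, 15, 0x41)) return -1;          /* last in-bounds byte: must pass */
    return checked_store(a, 16, 0x42) == 0 && tag_faults == 1;
}

/* Scenario 2: use-after-free. The stale pointer still carries the old tag, the
 * retagged granule does not. Returns 1 if the fault was raised. */
static int stale_pointer_is_caught(void) {
    reset();
    uint8_t v = 0;
    tagged_ptr a = tagged_alloc(32);
    if (!checked_store(a, 3, 0x7f) || !checked_load(a, 3, &v) || v != 0x7f) return -1;
    tagged_free(a, 32);
    return checked_load(a, 3, &v) == 0 && tag_faults == 1;
}

int main(void) {
    printf("overflow caught: %d\nstale pointer caught: %d\n",
           overflow_is_caught(), stale_pointer_is_caught());
    return 0;
}
```

The model makes two points the paragraph only states: the check is per access and per granule, so an in-bounds write and a one-byte overflow through the same pointer are distinguished purely by the tag of the granule they touch; and because freeing retags the memory, the same check also catches temporal bugs, not just spatial ones. With only 4 tag bits a random neighbour would share a tag one time in sixteen, which is why the allocator policy of never reusing the adjacent tag matters.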
## Introducing the Calif team
Recently, security researchers at Calif used Anthropic’s Mythos Preview model to uncover a new macOS security flaw, chaining two bugs with several techniques to corrupt the Mac’s memory and reach areas of the device that should remain off-limits.
The team has shared further details on how they carried out the exploit, including a 20-second video showing the kernel memory corruption exploit in action. They noted that while Apple focused most of its MIE efforts on iOS, it has recently extended MIE to MacBooks with the M5 chip.
According to the Calif team, Apple invested five years in developing MIE, likely allocating billions of dollars. Their research suggested that MIE thwarts every public exploit chain targeting modern iOS, including the recently disclosed Coruna and Darksword exploit kits.
The Calif team bypassed MIE on the M5 in just five days. The macOS attack path was an unintentional finding: the initial bugs were uncovered on April 25th and a working exploit was ready by May 1st. The exploit is a data-only kernel local privilege escalation chain against macOS 26.4.1 (25E253), starting from an unprivileged local user and ending in a root shell.
They have a 55-page technical document detailing the hack, which they are withholding until Apple ships a fix. They did say, however, that Mythos Preview was instrumental in pinpointing the bugs and assisting throughout the exploit development phase.
Mythos Preview is highly effective; once it learns how to tackle a class of issues, it generalizes to virtually any challenge within that class. The bugs were found quickly because they fall into known bug classes, but bypassing MIE, a new flagship mitigation, required human expertise.
The Calif team aimed to evaluate the synergy between sophisticated AI models and human knowledge. Accomplishing a kernel memory corruption exploit against leading protections in a mere week is noteworthy and underscores the potential of this collaboration.
Their finding led to a visit to Apple Park, where they presented their vulnerability research report directly to Apple. They noted that Apple’s MIE, akin to the majority of security mitigations, was formulated in an era preceding Mythos Preview, implying that as small teams harness AI, the realm of security vulnerabilities may undergo dramatic transformations.
For more information, you can read the complete post by the Calif team.
