First public macOS kernel exploit bypasses Apple M5 MIE protection

Original: First public macOS kernel memory corruption exploit on Apple M5

Why This Matters

Demonstrates that AI-assisted exploit development can bypass Apple's latest hardware security protections.

Security researchers at Calif developed the first public macOS kernel memory corruption exploit targeting Apple's M5 chip with MIE protection. The exploit, which achieves local privilege escalation, was developed in five days with AI assistance.

Calif security researchers, working with the AI model Mythos Preview, developed a kernel memory corruption exploit for macOS 26.4.1 on Apple M5 hardware with Memory Integrity Enforcement (MIE) enabled. The exploit chain uses two vulnerabilities to escalate from an unprivileged user to a root shell through normal system calls. Apple's MIE, built on ARM's Memory Tagging Extension, was designed over five years to prevent memory corruption exploits. The team found the bugs on April 25th and completed the working exploit by May 1st. Bruce Dang discovered the vulnerabilities, Dion Blazakis joined development on April 27th, and Josh Maine built supporting tools. The researchers reported their findings directly to Apple at its Cupertino headquarters rather than through standard channels.

Source

blog.calif.io