Security researchers have developed the first publicly disclosed macOS kernel exploit targeting Apple's M5 silicon, bypassing the chip's hardware memory-protection mechanism. The exploit, built by Calif researchers Bruce Dang, Dion Blazakis, and Josh Maine, achieves local privilege escalation (LPE) on macOS 26.4.1 (25E253) running on M5 hardware.
The exploit starts from an unprivileged local user account, uses only standard system calls, and ends in a full root shell, all with Apple's Memory Integrity Enforcement (MIE) enabled. The team identified two critical vulnerabilities on April 25, began collaborating on them two days later, and had a working exploit by May 1.
First Public macOS Kernel Exploit
Instead of going through the standard bug bounty submission process, the researchers hand-delivered a 55-page report to Apple Park in Cupertino, to avoid the congested submission queues that are typical around events like Pwn2Own. Full technical details will be published once Apple releases a patch.
MIE is Apple's hardware-assisted memory safety system, built on Arm's Memory Tagging Extension (MTE) in the enhanced form Apple calls EMTE: every allocation is coloured with a tag, every pointer carries the tag of the allocation it came from, and a load or store whose pointer tag does not match the memory's tag faults synchronously. Introduced as a headline security feature of the M5 and A19 chips, MIE took Apple five years and substantial resources to develop, with the specific goal of stopping kernel memory corruption exploits. According to Apple's own research, MIE disrupts all known public exploit chains against modern iOS, including the leaked Coruna and Darksword exploit kits.
The researchers used Anthropic's Mythos Preview, an advanced AI model, to find the vulnerabilities and to assist in exploit development. Calif describes the model as able to generalize an attack pattern across an entire vulnerability class once it has learned the problem type. The two bugs were found quickly because they fall into a class the model had already learned, but the model could not bypass MIE on its own; that step still required significant human expertise, which the team cites as the case for human-AI collaboration rather than fully autonomous exploitation.
The rapid five-day development of this exploit against a protection that took Apple five years to build underscores the potential of AI-assisted offensive security research. Memory corruption remains a prevalent vulnerability across modern platforms, including iOS and macOS. Security mitigations like MIE are designed to increase the difficulty of exploitation, not eliminate it entirely.
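To make concrete what the tagging described above does, and why it raises the cost of exploitation without eliminating it, here is a small software model of MTE-style memory tagging. It is an added illustration written for this page, not Apple's MIE, the XNU allocator, or anything from the Calif report: a toy bump-allocated heap where each 16-byte granule carries a 4-bit tag, pointers carry the tag in their top nibble (as on real MTE), and every access is checked. The `mte_*` names, the 15-tag cycling scheme and the sample allocations are all assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of MTE-style memory tagging (added example, not Apple's code).
 * Each 16-byte granule of a small heap has a 4-bit tag; each pointer carries
 * the tag of its allocation in bits 56..59. A load or store is allowed only
 * when the two tags match; a mismatch is treated as a synchronous fault. */

#define GRANULE     16
#define HEAP_BYTES  1024
#define NGRANULES   (HEAP_BYTES / GRANULE)
#define TAG_SHIFT   56
#define TAG_FAULT   (-1)

static uint8_t heap[HEAP_BYTES];
static uint8_t granule_tag[NGRANULES];   /* tag colour of each granule, 0 = unallocated */
static size_t  next_free;                /* bump allocator; the toy never reuses memory */
static uint8_t next_tag = 1;             /* tags cycle 1..15, so neighbours always differ */

typedef uint64_t tptr;                   /* tagged pointer: heap offset low, tag on top */

static uint8_t  tag_of(tptr p)    { return (uint8_t)((p >> TAG_SHIFT) & 0xF); }
static uint64_t offset_of(tptr p) { return p & ((1ULL << TAG_SHIFT) - 1); }
static uint8_t  fresh_tag(void)   { uint8_t t = next_tag; next_tag = (uint8_t)(next_tag % 15 + 1); return t; }
static size_t   round_up(size_t n){ return (n + GRANULE - 1) / GRANULE * GRANULE; }

static void colour(size_t off, size_t bytes, uint8_t tag) {
    for (size_t g = off / GRANULE; g < (off + bytes) / GRANULE; g++) granule_tag[g] = tag;
}

static void mte_reset(void) {
    memset(heap, 0, sizeof heap);
    memset(granule_tag, 0, sizeof granule_tag);
    next_free = 0;
    next_tag = 1;
}

/* Allocate: colour the granules with a fresh tag and hand back a pointer carrying it. */
static tptr mte_alloc(size_t n) {
    size_t bytes = round_up(n);
    if (bytes == 0 || next_free + bytes > HEAP_BYTES) return 0;
    size_t off = next_free;
    next_free += bytes;
    uint8_t tag = fresh_tag();
    colour(off, bytes, tag);
    return ((tptr)tag << TAG_SHIFT) | off;
}

/* Free: recolour the granules, so a dangling pointer's old tag no longer matches. */
static void mte_free(tptr p, size_t n) {
    colour((size_t)offset_of(p), round_up(n), fresh_tag());
}

/* The "hardware" check performed on every access. */
static int mte_check(tptr p, size_t index) {
    size_t off = (size_t)offset_of(p) + index;
    if (off >= HEAP_BYTES) return TAG_FAULT;
    return granule_tag[off / GRANULE] == tag_of(p) ? 0 : TAG_FAULT;
}

static int mte_store(tptr p, size_t index, uint8_t v) {
    if (mte_check(p, index) != 0) return TAG_FAULT;
    heap[offset_of(p) + index] = v;
    return 0;
}

static int mte_load(tptr p, size_t index, uint8_t *out) {
    if (mte_check(p, index) != 0) return TAG_FAULT;
    *out = heap[offset_of(p) + index];
    return 0;
}

/* Linear overflow: byte 16 of a 16-byte buffer lies in the neighbour's granule,
 * whose tag differs, so the store faults. Returns 1 if the overflow is caught. */
int demo_linear_overflow(void) {
    mte_reset();
    tptr a = mte_alloc(16), b = mte_alloc(16);
    (void)b;
    return mte_store(a, 15, 0x41) == 0 && mte_store(a, 16, 0x41) == TAG_FAULT;
}

/* Use-after-free: free recolours the memory, the stale pointer keeps the old tag.
 * Returns 1 if the dangling access is caught. */
int demo_use_after_free(void) {
    mte_reset();
    tptr p = mte_alloc(32);
    uint8_t v;
    int before = mte_load(p, 0, &v);
    mte_free(p, 32);
    return before == 0 && mte_load(p, 0, &v) == TAG_FAULT;
}

/* Why tagging raises the bar rather than ending the game: 4 tag bits mean a forged
 * pointer matches 1 time in 16. Returns how many of the 16 tags are accepted. */
int demo_tag_guess(void) {
    mte_reset();
    tptr a = mte_alloc(16), b = mte_alloc(16);
    (void)a;
    int accepted = 0;
    for (uint64_t t = 0; t < 16; t++)
        if (mte_check((t << TAG_SHIFT) | offset_of(b), 0) == 0) accepted++;
    return accepted;
}

int main(void) {
    printf("overflow caught: %d\n", demo_linear_overflow());
    printf("use-after-free caught: %d\n", demo_use_after_free());
    printf("forged tags accepted: %d of 16\n", demo_tag_guess());
    return 0;
}
```

The third demo is the point of the "raise the difficulty, not eliminate it" sentence: a single wrong guess in synchronous mode is a fatal fault, so brute-forcing the nibble is not free, but any primitive that leaks or avoids the tag check (an untagged access path, a tag-agnostic write, a logic bug rather than a corruption) sidesteps the whole mechanism, which is the kind of gap a chain against MIE has to find.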
This research indicates that as AI models become more adept at uncovering unknown bugs within known classes, even advanced hardware mitigations may face reduced effectiveness over time. Calif refers to this as the onset of the “AI bugmageddon” era, where small, AI-augmented security teams can achieve feats previously possible only for large, well-funded organizations.
Apple is reportedly working on a fix. Until a patch ships, systems running macOS 26.4.1 on M5 hardware remain vulnerable to local privilege escalation through these two bugs; the exposure is limited in practice only by the fact that the chain itself is unpublished.
As AI continues to evolve, its role in both identifying and exploiting vulnerabilities will likely grow, challenging existing security frameworks and necessitating continuous adaptation from technology companies.
Source: CyberSecurityNews