Researchers build first public macOS kernel exploit on Apple M5 with help from Mythos Preview


Security researchers at Calif say they built the first public macOS kernel memory corruption exploit targeting Apple M5 hardware with Memory Integrity Enforcement enabled.

The exploit targets macOS 26.4.1 build 25E253 and turns access from an unprivileged local user into a root shell. Calif said the chain uses normal system calls and works on bare-metal M5 hardware, not a simulator.

The research does not mean attackers are actively exploiting Mac users in the wild. Calif said it has shared the findings with Apple and plans to release its full 55-page technical report only after Apple ships a fix.

What the M5 macOS exploit does

The exploit is a local privilege escalation chain. That means an attacker would first need local code execution or access to a user account on the Mac before trying to gain higher privileges.

According to Calif, the attack path uses two vulnerabilities and several exploitation techniques to bypass Apple’s Memory Integrity Enforcement, also known as MIE. The final result is root access, which gives much deeper control over the system.

The researchers said Bruce Dang found the bugs on April 25. Dion Blazakis joined the work on April 27, and Josh Maine built the tooling. By May 1, the team had a working exploit.

Detail               What was reported
Target platform      macOS 26.4.1 build 25E253 on Apple M5 hardware
Exploit type         Kernel local privilege escalation
Starting point       Unprivileged local user
End result           Root shell
Mitigation bypassed  Memory Integrity Enforcement
AI tool used         Anthropic’s Mythos Preview

Why bypassing Memory Integrity Enforcement matters

Apple introduced Memory Integrity Enforcement as a major hardware-backed defense against memory corruption bugs. Apple says MIE combines Apple silicon, operating system protections, secure memory allocators, and Enhanced Memory Tagging Extension.

The system checks whether memory access uses the correct tag. If the tag does not match, the system can block the access and crash the process. This makes common memory corruption attacks harder to turn into working exploits.
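
The tag check described above, as a simplified model added here for illustration; it is not Apple's code and not part of the original article. It assumes the layout of Arm's Memory Tagging Extension (4-bit tags on 16-byte granules, carried in pointer bits 56-59), and the function names and the reserved tag 0 for freed memory are hypothetical.

```c
#include <stdint.h>
#include <string.h>

/* Toy model of memory tagging, constructed for illustration (not Apple's code).
 * Arm MTE-style layout: 16-byte granules, 4-bit tags in pointer bits 56-59. */
#define GRANULE   16u
#define NGRANULES 64u
#define TAG_SHIFT 56
static uint8_t pool[GRANULE * NGRANULES]; /* backing memory */
static uint8_t mem_tag[NGRANULES];        /* tag per granule; 0 = not allocated */
static size_t  next_granule;              /* bump-allocator cursor */
static uint8_t last_tag;                  /* tag of the previous allocation */

static uint8_t  ptr_tag(uint64_t p)  { return (uint8_t)((p >> TAG_SHIFT) & 0xF); }
static uint64_t ptr_addr(uint64_t p) { return p & ((1ULL << TAG_SHIFT) - 1); }

/* Returns a pointer tagged 1..15, never the neighbour's tag; 0 on failure. */
uint64_t tagged_alloc(size_t size) {
    size_t n = (size + GRANULE - 1) / GRANULE, g = next_granule;
    if (size == 0 || size > sizeof pool || g + n > NGRANULES) return 0;
    last_tag = (uint8_t)(last_tag % 15 + 1);
    memset(&mem_tag[g], last_tag, n);
    next_granule += n;
    return ((uint64_t)last_tag << TAG_SHIFT) | (g * GRANULE);
}

/* Resets the granules to tag 0, which no pointer carries; -1 on a double free. */
int tagged_free(uint64_t p, size_t size) {
    size_t g = ptr_addr(p) / GRANULE, n = (size + GRANULE - 1) / GRANULE;
    if (size == 0 || size > sizeof pool || g + n > NGRANULES) return -1;
    if (mem_tag[g] != ptr_tag(p)) return -1;
    memset(&mem_tag[g], 0, n);
    return 0;
}

/* 1-byte store behind the tag check: 0 on success, -1 when the access is blocked. */
int checked_store(uint64_t p, size_t off, uint8_t v) {
    uint64_t a = ptr_addr(p) + off;
    if (a >= sizeof pool || mem_tag[a / GRANULE] != ptr_tag(p)) return -1;
    pool[a] = v;
    return 0;
}

int main(void) { /* exits 0 when the overflow and the stale pointer are both refused */
    uint64_t a = tagged_alloc(32), b = tagged_alloc(16);
    return !(checked_store(a, 31, 0x41) == 0     /* last byte of a: allowed */
          && checked_store(a, 32, 0x41) == -1    /* overflow into b: blocked */
          && tagged_free(b, 16) == 0
          && checked_store(b, 0, 0x42) == -1);   /* stale pointer: blocked */
}
```

In this model a mismatch only returns -1; the article's description is that the real system can block the access and crash the process.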

Apple says MIE protects key attack surfaces, including the kernel. It also says the technology was developed over five years and represents one of the company’s biggest memory safety upgrades.

Mythos Preview helped find and develop the attack

Calif said Mythos Preview helped identify the bugs and assisted during exploit development. However, the company also said human expertise remained important, especially when turning the bugs into a working chain against MIE.

The distinction matters. Mythos did not simply replace the researchers. Calif described the work as a human and AI pairing, where the model helped with known bug classes while experts guided the exploit through Apple’s newer hardware mitigation.

Anthropic launched Project Glasswing in April 2026 to give selected partners access to Claude Mythos Preview for defensive cybersecurity work. Anthropic says the model can find and help exploit zero-day vulnerabilities when directed by users, which is why access remains controlled.

Apple has not published a patch yet

Calif said it walked the printed report into Apple Park and briefed Apple before publishing full technical details. That approach limits copycat risk while giving Apple time to prepare a fix.

Until Apple releases a patch, the practical risk remains hard to measure. The exploit requires local access, and the full chain is not public. Still, local privilege escalation bugs can matter when combined with other attacks, such as malware delivery, phishing, or browser compromise.

Apple has not yet published a public advisory for these specific vulnerabilities. Users should keep macOS updates enabled and install security updates as soon as Apple releases them.

What Mac users should do now

Most Mac users do not need to panic. This research shows a serious technical breakthrough, but it does not confirm active attacks against customers.

The safest response is to keep basic security habits in place. Local privilege escalation attacks usually need a first step before they can matter, so blocking suspicious apps and downloads still reduces risk.

  • Install macOS security updates as soon as Apple releases them.
  • Avoid running apps from unknown or untrusted sources.
  • Keep Gatekeeper and system security protections enabled.
  • Do not approve unexpected security prompts or installer requests.
  • Use standard user accounts where possible instead of daily admin use.
  • Monitor Apple’s security release notes for future M5 and macOS fixes.

Why this points to a larger AI security shift

The bigger story is not only that researchers bypassed a new Apple defense. It is that advanced AI systems can now help experienced researchers move faster across complex vulnerability classes.

Security teams have long used automation, fuzzing, and static analysis to find bugs. Mythos Preview appears to push that process further by helping researchers reason through vulnerabilities and exploit paths more quickly.

That creates pressure on software vendors. If AI-assisted researchers can find serious bugs faster, vendors will need faster triage, patching, and code review systems. The same technology that helps defenders can also reduce the time attackers need to understand weaknesses.

A warning for the next phase of platform security

Apple’s MIE still raises the cost of exploitation. Calif’s work does not prove the protection failed as a whole. It shows that even strong mitigations can be bypassed when attackers find the right combination of bugs and techniques.

For Apple, the incident gives its security team a rare chance to study a working exploit against one of its newest memory safety systems. For the wider industry, it offers a preview of how AI-assisted vulnerability research may reshape offensive and defensive security.

The full impact will become clearer after Apple patches the bugs and Calif publishes the technical report. For now, the research stands as an early test of how hardware security holds up when expert researchers work with frontier AI tools.

FAQ

Was Apple M5 hacked in the wild?

No public evidence shows that attackers are using this exploit in the wild. Calif described it as a researcher-developed local privilege escalation exploit disclosed to Apple before full technical details are released.

What does the macOS M5 exploit do?

The exploit starts from an unprivileged local user account on macOS 26.4.1 and ends with a root shell. That means it can raise local access to much higher system privileges.

What is Apple Memory Integrity Enforcement?

Memory Integrity Enforcement is Apple’s hardware-backed memory safety system. It uses Apple silicon, secure memory allocators, Enhanced Memory Tagging Extension, and tag confidentiality protections to make memory corruption attacks harder.

Did Mythos Preview create the exploit by itself?

No. Calif said Mythos Preview helped identify the bugs and assisted during exploit development, but human expertise was still needed to build a working chain against Apple’s protections.
