Overview
- Calif, which published its claim Thursday, says it built a data-only macOS kernel exploit on M5 hardware that still works with Memory Integrity Enforcement turned on.
- Memory Integrity Enforcement is Apple’s hardware system that tags memory and checks those tags to block common corruption attacks.
- The reported chain targets macOS 26.4.1 on bare-metal M5, begins from an unprivileged local user using standard system calls, and ends with a root shell by linking two bugs.
- The company says it briefed Apple in person at Apple Park and is withholding a 55‑page technical report until a patch ships, and Apple says it is reviewing the findings.
- Calif credits Anthropic’s restricted Mythos Preview with quickly spotting the bugs and speeding development, though human experts were needed to craft the MIE bypass.