Overview
- Calif disclosed Thursday that it built a macOS kernel exploit that works on M5 with Memory Integrity Enforcement turned on and ends with a root shell.
- The chain is data-only, starts from an unprivileged local account, uses normal system calls, and links two separate bugs.
- Memory Integrity Enforcement tags memory in hardware to stop unsafe reads and writes, yet data-only attacks can still change kernel data that controls access.
- Calif says Anthropic’s Claude Mythos Preview quickly surfaced the bugs and sped development, with human experts guiding the bypass of MIE.
- Calif briefed Apple in person and is holding back full details until a fix ships. Reporters note that the macOS Tahoe 26.5 release notes credit Calif with related fixes without confirming a patch for this chain.