
Security researchers have announced what they describe as the first public macOS kernel memory corruption exploit capable of bypassing Apple’s Memory Integrity Enforcement (MIE) protections on the latest M5 chip.
The exploit chain, developed by researchers at Calif with help from the AI-assisted security platform Mythos Preview, reportedly achieves local privilege escalation on macOS 26.4.1 running on Apple M5 hardware. According to the researchers, the attack starts from an unprivileged local account and ends with a root shell, all with MIE enabled. MIE is a hardware-backed memory safety mechanism Apple introduced with the M5 and A19 chip families.
The disclosure was published after members of the team met with Apple at Apple Park earlier this week to privately share a 55-page vulnerability report detailing the exploit chain. Full technical details have not yet been released publicly, as Apple has not issued patches for the vulnerabilities involved.

Apple introduced MIE as a flagship security feature designed to harden devices against memory corruption attacks, one of the most common and dangerous vulnerability classes affecting modern operating systems. The technology builds on ARM’s Memory Tagging Extension (MTE), using hardware-assisted memory tagging to detect invalid memory access operations and make exploit development substantially more difficult.
The company has heavily promoted MIE as a major advancement in platform security, claiming it disrupts known exploit chains used in sophisticated attacks against iOS and macOS devices. The protections were specifically designed to mitigate memory corruption vulnerabilities that have historically enabled spyware deployments, sandbox escapes, and kernel-level compromises.
Calif said the exploit chain was discovered during research into how artificial intelligence systems can assist in developing exploits against modern mitigations. Researcher Bruce Dang reportedly identified the vulnerabilities on April 25, while Dion Blazakis joined the effort two days later. By May 1, the team had developed a working exploit, with Josh Maine contributing to the tooling used during development.
According to the report, the exploit leverages two vulnerabilities and several exploitation techniques to target bare-metal M5 systems. The researchers emphasized that the chain uses only legitimate system calls and does not rely on physical access or external hardware.
The attack is described as “data-only,” meaning it avoids traditional code injection methods commonly blocked by modern security controls. Data-only exploitation techniques manipulate existing memory structures and trusted execution paths instead of introducing malicious executable payloads into memory.
Mythos Preview, the AI-assisted component used during the project, reportedly helped identify vulnerabilities belonging to previously known bug classes and assisted researchers during exploitation work. The researchers argued that while AI systems can rapidly discover vulnerable patterns, bypassing newer mitigations such as MIE still requires substantial human expertise.
While the researchers framed the work as a demonstration of the evolving threat landscape rather than a catastrophic failure of Apple’s defenses, the findings may raise concerns about the resilience of hardware-assisted mitigations against increasingly capable AI tools.
Apple has not publicly commented on the report or confirmed the vulnerabilities at the time of writing.
Technical details remain withheld pending patches, and there is currently no indication that the exploit has been used in real-world attacks.






