Calif Exploits macOS M5 Security with Mythos in Just Five Days
Severity: High (Score: 67.5)
Sources: security.apple.com, Letsdatascience, 9To5Mac
Summary
Vietnam-based security researchers at Calif developed a macOS kernel memory corruption exploit that bypasses Apple's Memory Integrity Enforcement (MIE) on M5 hardware. The exploit was created using Anthropic's Mythos Preview, which aided in identifying vulnerabilities and developing the exploit within five days. The team discovered the initial bugs on April 25, 2026, and had a working exploit by May 1, targeting macOS 26.4.1. The exploit escalates an unprivileged local user to root by chaining two distinct vulnerabilities and employing various techniques. Calif has shared its findings with Apple but will not release a detailed technical report until a fix is available. The exploit demonstrates the potential of AI-assisted tools in cybersecurity research while highlighting the ongoing challenges posed by memory corruption vulnerabilities.
Key Points:
- Calif developed a macOS exploit bypassing Apple's MIE in just five days using Mythos Preview.
- The exploit targets macOS 26.4.1 on M5 hardware, escalating privileges from local user to root.
- Calif's findings were shared with Apple, but a detailed report will be withheld until a fix is released.
Key Entities
- Malware (attack_type)
- Zero-day Exploit (attack_type)
- Apple (company)
- CWE-120 - Classic Buffer Overflow (cwe)
- CWE-125 - Out-of-bounds Read (cwe)
- CWE-362 - Race Condition (cwe)
- CWE-416 - Use After Free (cwe)
- CWE-787 - Out-of-bounds Write (cwe)
- Coruna (malware)
- DarkSword (malware)
- T1068 - Exploitation for Privilege Escalation (mitre_attack)
- Android (platform)
- iOS (platform)
- Linux (platform)
- macOS (platform)
- Windows (platform)
- Mythos Preview (tool)
- Spectre (vulnerability)