Back

Calif Researchers Bypass Apple's Memory Integrity Enforcement with macOS Exploit

Severity: High (Score: 64.5)

Sources: calif.io, security.apple.com, Daringfireball, Letsdatascience, 9To5Mac

Summary

Security researchers from Calif announced the development of a macOS kernel memory corruption exploit that successfully bypasses Apple's Memory Integrity Enforcement (MIE) on M5 hardware. The exploit was achieved in just five days, starting from the discovery of vulnerabilities on April 25, 2026, and culminating in a working exploit by May 1, 2026. The attack method involved linking two distinct bugs and utilizing techniques to escalate privileges from an unprivileged local user to root. Calif reported that while Anthropic's Mythos Preview model aided in vulnerability discovery and exploit development, human expertise was crucial for bypassing MIE. This incident highlights the ongoing challenges in memory safety despite Apple's significant investment in security features. The exploit targets macOS 26.4.1 and is the first public exploit reported against MIE hardware. A detailed report on the exploit will be released after Apple issues a fix. Key Points: • Calif developed a working macOS exploit that bypasses Apple's MIE in five days. • The exploit targets macOS 26.4.1 on M5 hardware, escalating privileges from local user to root. • Anthropic's Mythos Preview assisted in vulnerability discovery, but human expertise was essential.

Key Entities

  • Malware (attack_type)
  • Zero-day Exploit (attack_type)
  • Apple (company)
  • CWE-120 - Classic Buffer Overflow (cwe)
  • Cwe-125 - Out-of-bounds Read (cwe)
  • Cwe-362 - Race Condition (cwe)
  • Cwe-416 - Use After Free (cwe)
  • Cwe-787 - Out-of-bounds Write (cwe)
  • Coruna (malware)
  • DarkSword (malware)
  • T1068 - Exploitation for Privilege Escalation (mitre_attack)
  • Android (platform)
  • IOS (platform)
  • Linux (platform)
  • MacOS (platform)
  • Windows (platform)
  • Afl-fuzz (tool)
  • Mythos Preview (tool)
  • Beast (ransomware_group)
  • Crime (vulnerability)
  • Poodle (vulnerability)
  • Spectre (vulnerability)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed