First Public macOS Kernel Exploit on Apple M5 Prepared Using Mythos Preview in Five Days
Cybersecurity NewsArchived May 17, 2026✓ Full text saved
Apple’s M5 silicon has reportedly been exploited for the first time in a public macOS kernel memory corruption attack, successfully bypassing the company’s notable hardware-level memory protection. Researchers from Calif, Bruce Dang, Dion Blazakis, and Josh Maine, developed a working kernel local privilege escalation (LPE) exploit targeting macOS 26.4.1 (25E253) on bare-metal M5 hardware. The […] The post First Public macOS Kernel Exploit on Apple M5 Prepared Using Mythos Preview in Five Days ap
Full text archived locally
✦ AI Summary· Claude Sonnet
HomeCyber Security News
First Public macOS Kernel Exploit on Apple M5 Prepared Using Mythos Preview in Five Days
By Guru Baran
May 17, 2026
Apple’s M5 silicon has reportedly been exploited for the first time in a public macOS kernel memory corruption attack, successfully bypassing the company’s notable hardware-level memory protection.
Researchers from Calif, Bruce Dang, Dion Blazakis, and Josh Maine, developed a working kernel local privilege escalation (LPE) exploit targeting macOS 26.4.1 (25E253) on bare-metal M5 hardware.
The exploit chain starts from an unprivileged local user account, uses only standard system calls, and delivers a full root shell, all while Apple’s Memory Integrity Enforcement (MIE) is active.
The team discovered the two underlying bugs on April 25, joined forces two days later, and had a working exploit running by May 1.
First Public macOS Kernel Exploit
Rather than submitting through the standard bug bounty pipeline, the researchers walked the 55-page printed report directly into Apple Park in Cupertino, a deliberate move to avoid the crowded submission queues seen during events like Pwn2Own. Full technical details will be published only after Apple ships a patch.
Memory Integrity Enforcement is Apple’s hardware-assisted memory safety system, built on ARM’s Memory Tagging Extension (MTE) architecture.
Introduced as the marquee security feature of the M5 and A19 chips, Apple spent five years, and reportedly billions of dollars, engineering MIE to specifically disrupt kernel memory corruption exploits.
According to Apple’s own research, MIE disrupts every known public exploit chain against modern iOS, including the leaked Coruna and Darksword exploit kits.
The breakthrough was made possible in part by Anthropic’s Mythos Preview, a powerful AI model that helped identify the two vulnerabilities and assisted throughout the exploit development process.
Calif describes the model as capable of generalizing attack patterns across entire vulnerability classes once it has learned a problem type.
The bugs were discovered quickly because they fall within known bug classes; however, autonomously bypassing MIE still required significant human expertise, underscoring the power of a human-AI pairing.
The five-day development timeline against a protection that took Apple five years to build is being cited as a significant benchmark for AI-assisted offensive security research.
Memory corruption remains the most prevalent vulnerability class across all modern platforms, including iOS and macOS. Security mitigations like MIE are designed to raise the cost of exploitation, not make it impossible.
This research demonstrates that as AI models grow more capable at surfacing unknown bugs in known classes, even best-in-class hardware mitigations face a narrowing window of effectiveness.
Calif frames the exploit as a preview of what it calls the “AI bugmageddon” era a period where small, AI-augmented security teams can achieve what previously required large, well-funded organizations.
Apple was built in a world before Mythos Preview; this exploit signals that the calculus of hardware security is already beginning to shift.
Apple is reportedly working on a fix. Until a patch is released, systems running macOS 26.4.1 on M5 hardware remain at theoretical risk from local privilege escalation via this unpublished chain.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
Tags
cyber security
cyber security news
vulnerability
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Guru Baranhttps://cybersecuritynews.com
Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments.
Trending News
VMware Fusion Vulnerability Let Attackers Escalate Privilege to Root
Microsoft Patch Tuesday May 2026 – 120 Vulnerabilities Fixed, Including 29 Critical RCE Flaws
Critical Next.js Vulnerability Exposes Cloud Credentials, API keys, and Admin Panels
Amazon Redshift JDBC Driver Vulnerabilities Enables Remote Code Execution Attacks
Google Project Zero Discloses Zero-Click Exploit Chain for Pixel 10 Devices
Latest News
Cyber Security News
JDownloader Website Compromised to Distribute Malicious Windows and Linux Installers
Cyber Security News
Malicious JPEG Images Could Trigger PHP Memory Safety Vulnerabilities
Cyber Security News
Critical Linux Kernel Flaw ‘ssh-keysign-pwn’ Exposes SSH Keys and Shadow Passwords
Cyber Security News
Google Project Zero Discloses Zero-Click Exploit Chain for Pixel 10 Devices
Android
Android 16 VPN Bypass Lets Malicious Apps Reveal Users Real IP Address