TL;DR
Researchers have publicly demonstrated the first kernel memory corruption exploit on Apple M5 silicon running macOS 26.4.1. The exploit bypasses Apple’s hardware security system, MIE, raising concerns about the robustness of Apple’s latest protections.
Researchers have publicly demonstrated a kernel memory corruption exploit on Apple’s M5 silicon, affecting macOS 26.4.1. This is the first known public exploit of its kind on M5 hardware, bypassing Apple’s hardware-assisted security system, MIE, and enabling a local privilege escalation from an unprivileged user to root.
The exploit was discovered by a team including Bruce Dang, Dion Blazakis, and Josh Maine, with technical development completed by May 1, 2024. It targets the kernel memory management in macOS 26.4.1, using two vulnerabilities to escalate privileges. The attack is data-only, requiring no user interaction beyond normal system calls, and results in a root shell.
The researchers used a combination of human expertise and AI tools, notably Mythos Preview, which helped identify and exploit the vulnerabilities. The exploit was tested on bare-metal M5 hardware with Memory Tagging Extension (MTE) and Memory Integrity Enforcement (MIE) enabled, which are designed to prevent such attacks.
Why It Matters
This development is significant because it challenges the perceived security of Apple’s latest hardware protections. MIE, introduced to prevent memory corruption exploits, was considered highly effective. Demonstrating a successful bypass indicates that even advanced hardware security systems can be circumvented, especially with AI-assisted vulnerability discovery.
For users and organizations relying on Apple devices, this raises concerns about the resilience of security features designed to protect sensitive data and prevent malicious exploits. It also signals that attackers may develop more sophisticated methods to compromise Apple systems in the future.

Background
Apple’s MIE system, built around ARM’s Memory Tagging Extension (MTE), was introduced over five years ago to combat memory corruption vulnerabilities. It has been regarded as a major security enhancement for Apple’s M5 and A19 chips, aimed at thwarting exploit chains used in previous attacks. Prior to this disclosure, no public kernel exploits on MIE-enabled hardware had been demonstrated.
The discovery was accidental, but it was developed into a working exploit within a week. This follows a broader trend of AI tools, like Mythos Preview, accelerating vulnerability research and exploit development, even against hardware with advanced mitigations.
“The exploit was discovered on April 25th and developed into a working chain by May 1st, showing the rapid pace of AI-assisted security research.”
— Bruce Dang
“This is the first public demonstration of a kernel exploit on MIE hardware, highlighting that no security system is invulnerable.”
— Dion Blazakis

What Remains Unclear
It remains unclear how widespread or easily reproducible the exploit is outside the researchers’ controlled environment. The full technical details and attack vectors are yet to be published, pending Apple’s response and patch deployment.
What’s Next
Apple is expected to investigate the disclosed vulnerabilities and develop patches for macOS 26.4.1 and related hardware. The researchers plan to publish a comprehensive 55-page report after the fix is released. The security community will closely monitor for potential exploits leveraging similar techniques.
Key Questions
What is the significance of this exploit?
This is the first public kernel memory corruption exploit on Apple M5 hardware that bypasses Apple’s hardware security system, MIE, raising questions about the robustness of current protections.
Does this mean Apple devices are insecure?
While it demonstrates that even advanced hardware protections can be bypassed, it does not mean all Apple devices are immediately vulnerable. Patches and mitigations are expected to follow.
How did the researchers develop this exploit so quickly?
The team used AI tools like Mythos Preview to identify vulnerabilities rapidly, combined with their expertise, enabling them to develop a working exploit within a week.
Will Apple fix this vulnerability?
Apple has not yet announced a fix, but they are likely to prioritize developing patches for macOS 26.4.1 and related hardware following this disclosure.