Calif team details how Anthropic Mythos helped build a working macOS exploit in five days

The team behind the first public macOS kernel memory corruption exploit on M5 silicon has shared fresh details on how Mythos Preview helped bypass a five-year Apple security effort in five days.

A bit of technical background

Last year, Apple introduced Memory Integrity Enforcement (MIE), a hardware-assisted memory safety system designed to make memory corruption exploits much harder to execute.

As Apple explained, MIE is basically built on Arm’s Memory Tagging Extension (MTE), which is a 2019 specification that works “as a tool for hardware to help find memory corruption bugs.”

Here’s Apple:

MTE is, at its core, a memory tagging and tag-checking system, where every memory allocation is tagged with a secret; the hardware guarantees that later requests to access memory are granted only if the request contains the correct secret. If the secrets don’t match, the app crashes, and the event is logged. This allows developers to identify memory corruption bugs immediately as they occur.

The problem is that Apple found that MTE wasn’t robust enough under certain circumstances, so it developed MIE and built it “into Apple hardware and software in all models of iPhone 17 and iPhone Air.”

To sum up, MIE is Apple’s hardware-assisted memory safety system. It is built on Arm’s MTE specification and uses the chip itself to help detect and block certain memory corruption attacks before they can be exploited.

You can learn more about MIE here.

Enter, the Calif team

Earlier today, The Wall Street Journal reported on the fact that security researchers at Calif had used Anthropic’s Mythos Preview model to expose a new macOS security vulnerability by linking together “two bugs and a handful of techniques to corrupt the Mac’s memory and then gain access to parts of the device that should be inaccessible.”

Now, the team behind the exploit has shared a few extra details on how they did it, including a 20-second video of the kernel memory corruption exploit in action.