Researchers Find Local Privilege Escalation Exploit on Apple M5 Chips Bypassing Memory Integrity

Security researchers from Calif discovered a local privilege escalation exploit on Apple M5 chips that bypasses Memory Integrity Enforcement, granting root access.

Researchers Find Local Privilege Escalation Exploit on Apple M5 Chips Bypassing Memory Integrity

Researchers from a group named Calif have identified a critical security flaw in Apple M5 chips. The vulnerability allows standard users to escalate privileges and gain root access on affected devices. This exploit successfully bypasses Memory Integrity Enforcement, a key hardware-level security feature designed to protect memory integrity.

New security flaw allows standard users to gain root access via memory bypass

The Calif team discovered the issue on an Apple M5 machine running macOS 26.4.1. The attack targets MIE, a system that uses 4-bit tags to monitor memory slices on M5 and A19 chips. The researchers utilized Anthropic's Claude Mythos Preview AI tool to aid in the discovery and development of the exploit code.

Security researchers used Anthropic's Claude Mythos Preview AI to develop an exploit bypassing Memory Integrity Enforcement on Apple M5 chips.
AI-assisted discovery reveals critical flaw in Apple silicon architecture.

The Calif team disclosed the vulnerability to Apple in advance rather than releasing it as a zero-day exploit. This disclosure is part of a broader research initiative called the Month of AI-Discovered Bugs. The group claims to be the only ones publicly disclosing this specific issue, although they acknowledge uncertainty regarding the exclusivity of this claim.

This finding highlights the growing role of artificial intelligence in modern cybersecurity research. The use of Claude Mythos Preview demonstrates how AI tools can assist in identifying complex hardware-level vulnerabilities. The incident underscores the importance of robust security measures in Apple silicon architecture as new chips enter the market.

The vulnerability allows standard users to escalate privileges and gain root access on Apple M5 devices running macOS 26.4.1.

Discussion

0 comments

Log in to join the thread with a thoughtful take, question, or correction.

Add to the discussion