Anthropic Mythos AI Discovers Critical macOS Vulnerabilities Bypassing Apple Security
Key Takeaways A pre-release version of Anthropic’s Mythos AI helped identify two critical macOS vulnerabilities. The vulnerabilities can be chained to achieve privilege escalation, bypassing...
Key Takeaways
- A pre-release version of Anthropic’s Mythos AI helped identify two critical macOS vulnerabilities.
- The vulnerabilities can be chained to achieve privilege escalation, bypassing Apple’s memory integrity protections.
- The exploit requires human expertise and cannot be deployed remotely by the AI alone.
- Apple is currently reviewing a detailed report and is expected to issue patches for the discovered flaws.
Anthropic’s Mythos AI Uncovers Critical macOS Vulnerabilities
An early, restricted iteration of Anthropic’s advanced Mythos AI model has assisted security researchers at Calif, a cybersecurity firm based in Palo Alto, in identifying two previously unknown vulnerabilities within Apple’s macOS operating system.
Table Of Content
These flaws, when combined, create a potent privilege escalation exploit. This attack vector effectively circumvents Apple’s sophisticated memory integrity enforcement mechanisms, allowing unauthorized access to system areas that are designed to be impenetrable.
Apple is currently evaluating a comprehensive 55-page report submitted by Calif, with patches anticipated once the findings undergo validation.
Mythos AI’s Role in macOS Vulnerability Discovery
The exploit, uncovered during testing sessions in April, leverages two distinct macOS vulnerabilities alongside several advanced techniques. Its objective is to corrupt the Mac’s memory, thereby breaching restricted system zones that standard processes are forbidden from accessing.
Reporting from The Wall Street Journal indicates that if this privilege escalation exploit were further chained with additional attack methods, it could potentially allow a malicious actor to gain complete control over a targeted Mac device.
Calif’s research team developed specialized software to link these two vulnerabilities, crafting an attack vector that macOS had not previously encountered in this specific form.
It is crucial to note that this is not a self-propagating, remotely deployable worm. The exploit demands significant human cybersecurity expertise to integrate with and build upon the insights generated by Mythos.
Thai Dong, CEO of Calif, affirmed this, stating that the attack “couldn’t have been pulled off by Mythos alone and leveraged the very human cybersecurity expertise of some of Calif’s hackers.”
Project Glasswing and Mythos’s Restricted Access
Anthropic has intentionally kept Mythos, formerly known as the Claude Mythos Preview, from public release due to its extraordinary and potentially hazardous capabilities in pinpointing software vulnerabilities.
The model is a core component of Anthropic’s broader Project Glasswing initiative. This program grants approximately 40 carefully selected organizations, including technology giants like Apple, Google, and Microsoft, controlled access to Mythos for the explicit purpose of defensive security research.
Anthropic has committed up to $100 million in usage credits to support this collaborative security effort.
Mythos has already demonstrated its significant potential. Prior to the macOS discovery, the model reportedly identified a bug in OpenBSD that had remained undetected for 27 years and uncovered vulnerabilities in Linux that could facilitate machine hijacking.
Engineers at Anthropic have issued explicit warnings that the model’s proficiency in uncovering security flaws is too substantial to permit its release without stringent safety protocols.
The Calif researchers were so confident in their findings that they personally traveled to Apple’s headquarters in Cupertino to deliver the 55-page technical report directly.
An Apple spokesperson, in a statement to The Wall Street Journal, commented: “Security is our top priority, and we take reports of potential vulnerabilities very seriously.”
While Apple has not yet confirmed whether it has initiated patching for the reported vulnerabilities, Calif CEO Thai Dong conveyed to the WSJ his belief that “the bugs will likely be fixed pretty quickly.”
Full technical details regarding Calif’s discoveries will remain confidential until Apple has implemented fixes for the underlying issues.
What You Should Do
- Keep your macOS operating system updated to the latest available version.
- Enable automatic updates for your Apple devices to receive security patches promptly.
- Exercise caution when opening attachments or clicking links from unknown or suspicious sources.
- Report any unusual system behavior or potential security incidents to your IT department or Apple support.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.