First Public macOS M5 Kernel Exploit Developed Apple Prepared

The first public macOS kernel memory corruption attack has reportedly targeted Apple’s M5 silicon. This exploit successfully bypassed the company’s notable hardware-level memory protection.

Researchers from Calif, Bruce Dang, Dion Blazakis, and Josh Maine, developed a working kernel local privilege escalation (LPE) exploit targeting macOS 26.4.1 (25E253) on bare-metal M5 hardware.

The exploit chain starts from an unprivileged local user account, uses only standard system calls, and delivers a full root shell, all while Apple’s Memory Integrity Enforcement (MIE) is active.

The team discovered the two underlying bugs on April 25, joined forces two days later, and had a working exploit running by May 1.

First Public macOS Kernel Exploit

Rather than submitting through the standard bug bounty pipeline, the researchers walked the 55-page printed report directly into Apple Park in Cupertino, a deliberate move to avoid the crowded submission queues seen during events like Pwn2Own. Full technical details will be published only after Apple ships a patch.

Memory Integrity Enforcement is Apple’s hardware-assisted memory safety system, built on ARM’s Memory Tagging Extension (MTE) architecture.

Introduced as the marquee security feature of the M5 and A19 chips, Apple spent five years, and reportedly billions of dollars, engineering MIE to specifically disrupt kernel memory corruption exploits.

According to Apple’s own research, MIE disrupts every known public exploit chain against modern iOS, including the leaked Coruna and Darksword exploit kits.

The breakthrough was made possible in part by Anthropic’s Mythos Preview, a powerful AI model that helped identify the two vulnerabilities and assisted throughout the exploit development process.

Calif describes the model as capable of generalizing attack patterns across entire vulnerability classes once it has learned a problem type.

The bugs were discovered quickly because they fall within known bug classes; however, autonomously bypassing MIE still required significant human expertise, underscoring the power of a human-AI pairing.

The five-day development timeline against a protection that took Apple five years to build is being cited as a significant benchmark for AI-assisted offensive security research.

Memory corruption remains the most prevalent vulnerability class across all modern platforms, including iOS and macOS. Security mitigations like MIE are designed to raise the cost of exploitation, not make it impossible.

This research demonstrates that as AI models grow more capable at surfacing unknown bugs in known classes, even best-in-class hardware mitigations face a narrowing window of effectiveness.

Calif frames the exploit as a preview of what it calls the “AI bugmageddon” era a period where small, AI-augmented security teams can achieve what previously required large, well-funded organizations.

Apple was built in a world before Mythos Preview; this exploit signals that the calculus of hardware security is already beginning to shift.

Apple is reportedly working on a fix. Until a patch is released, systems running macOS 26.4.1 on M5 hardware remain at theoretical risk from local privilege escalation via this unpublished chain.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.