Unlocking Security: The First-ever Public macOS Kernel Exploit on Apple M5 Developed with Mythos Preview in Just Five Days!

Admin

Apple’s M5 chip has faced its first public exploit. Researchers have found a way to bypass Apple’s hardware-level memory protections through a kernel memory corruption attack on macOS 26.4.1.

The team, including Bruce Dang, Dion Blazakis, and Josh Maine, began their work on April 25 and created a local privilege escalation (LPE) exploit that starts from a normal user account and can gain root access. Remarkably, this was achieved while Apple’s Memory Integrity Enforcement (MIE) was still active.

Instead of following the usual bug bounty process, the researchers took a printed 55-page report directly to Apple Park in Cupertino, hoping to avoid the long queues that occur during events like Pwn2Own. Detailed findings will be shared only after Apple has issued a patch.

MIE is a critical security feature of Apple’s M5 and A19 chips. It utilizes ARM’s Memory Tagging Extension (MTE) architecture, a system designed to prevent kernel memory exploits. Apple invested around five years and billions into developing MIE, claiming it effectively thwarts known public exploit chains against modern iOS devices. According to Apple’s research, MIE successfully defends against well-known exploit kits like Coruna and Darksword.

The breakthrough in finding these vulnerabilities was made easier with help from Anthropic’s Mythos Preview, a powerful AI that guided the discovery process. This AI can recognize attack patterns across various vulnerabilities, emphasizing the growing integration of AI in security research.

Calif, one of the researchers, noted that while the bugs themselves were easy to identify because of their vulnerability class, defeating MIE still required significant human skill. The exploit took five days to develop, compared with the five years Apple spent building MIE, which marks a notable milestone for AI-assisted security research.

Memory corruption remains a leading vulnerability across all platforms, including macOS and iOS. Technologies like MIE don’t entirely eliminate risks; instead, they make exploitation more challenging and costly.

Recent findings illustrate a trend where small, AI-enhanced teams can tackle tasks that once needed extensive resources. This shift indicates that hardware security might be facing new challenges as AI capabilities grow.

Apple is currently working on a patch for M5 systems running on macOS 26.4.1. Until then, there’s a theoretical risk of local privilege escalation for these systems through this newly discovered method.

For further details and insights, you can read more from Calif’s research.



Source link