Monday, May 18, 2026

Memory Integrity Enforcement Exploit

Khanh:

Early this week, we had a meeting at Apple Park in Cupertino. While there, we also shared with Apple our latest vulnerability research report: the first public macOS kernel memory corruption exploit on M5 silicon, surviving MIE. It was laser printed, in honor of our hacker friends.

[…]

The exploit is a data-only kernel local privilege escalation chain targeting macOS 26.4.1 (25E253). It starts from an unprivileged local user, uses only normal system calls, and ends with a root shell. The implementation path involves two vulnerabilities and several techniques, targeting bare-metal M5 hardware with kernel MIE enabled.

[…]

We didn’t build the chain alone. Mythos Preview helped identify the bugs and assisted throughout exploit development.
