Aided by Mythos Preview, Researchers Announce MacOS Kernel Exploit Circumventing M5 Memory Integrity Enforcement

Calif, a security research team, on their blog:

Many security experts consider Apple devices to be the most secure consumer platform. The latest flagship example is MIE (Memory Integrity Enforcement), Apple’s hardware-assisted memory safety system built around ARM’s MTE (Memory Tagging Extension). It was introduced as the marquee security feature for the Apple M5 and A19, specifically designed to stop memory corruption exploits, the vulnerability class behind many of the most sophisticated compromises on iOS and macOS. [...]

Our macOS attack path was actually an accidental discovery. Bruce Dang found the bugs on April 25th. Dion Blazakis joined Calif on April 27th. Josh Maine built the tooling, and by May 1st we had a working exploit.

We didn’t build the chain alone. Mythos Preview helped identify the bugs and assisted throughout exploit development. [...] To the best of our knowledge, this is the first public macOS kernel exploit on MIE hardware. Again, we’ll publish our 55-page report after Apple ships a fix.

The Wall Street Journal ran a story on Calif’s announcement today that was heavy on hyperbole and extraordinarily light on technical details. Unsurprisingly, the team’s own blog post was much more informative and interesting. The achievement here is circumventing MIE.

Thursday, 14 May 2026