First public macOS kernel memory corruption exploit on Apple M5

· security systems ·

TLDR

  • Calif security team, aided by Mythos Preview AI, built a working MIE-bypassing macOS kernel local privilege escalation (LPE) exploit on M5 silicon in five days.

Key Takeaways

  • The exploit is a data-only kernel local privilege escalation chain on macOS 26.4.1 (it corrupts kernel data rather than hijacking control flow), starting from an unprivileged user and ending with a root shell.
  • MIE (Memory Integrity Enforcement), Apple’s hardware-assisted memory safety system built on ARM’s Memory Tagging Extension (MTE), is the marquee security feature of the M5 and A19 chips.
  • Two vulnerabilities were discovered by Bruce Dang on April 25; a working exploit was delivered by May 1, with Mythos Preview assisting bug discovery and Dion Blazakis and Josh Maine building the tooling.
  • Mythos Preview generalizes quickly across known bug classes but still required human expertise to navigate the MIE bypass, since MTE-based tagging is a novel mitigation class.
  • Full 55-page technical report will be released after Apple ships a patch; coordinated disclosure was delivered in person at Apple Park.

Hacker News Comment Review

  • Commenters broadly flagged the post as a PR piece with no verifiable technical details yet; skepticism is high until the 55-page report drops.
  • There is debate over whether Mythos deserves credit or whether the result reflects elite human researchers using any capable model as a force multiplier; the Nicholas Carlini comparison was raised.
  • The exploit class matters: commenters clarified that this is a local privilege escalation, not a zero-click remote code execution chain, putting its bug bounty value around $100K rather than $1.5M unless it is repackaged against a beta build with Lockdown Mode enabled.

Notable Comments

  • @yieldcrv: Pegs current bounty value at ~$100K but notes a path to $1.5M if demonstrated as unauthorized access against a beta build with Lockdown Mode.
