Researchers demonstrate first public macOS kernel memory corruption exploit on Apple M5 silicon
By quadrige
Summary
Researchers report the first public macOS kernel memory corruption exploit on Apple's M5 silicon, successfully bypassing Apple's MIE (Memory Integrity Engine) protections. The exploit was developed in just five days by engineers working with Mythos Preview, despite Apple spending five years building hardware and software defenses. The researchers chose to deliver their findings in person at Apple Park to avoid getting lost in the submission flood experienced by Pwn2Own participants.
Key quotes
the first public macOS kernel memory corruption exploit on M5 silicon, surviving MIE
Apple spent five years building hardware and software to make memory corruption exploits dramatically harder
Our engineers, working together with Mythos Preview, built a working exploit in five days
We wanted to report it in person, instead of getting buried in the submission flood that some unfortunate Pwn2Own participants just experienced
Most respected hackers avoid human interaction whenever possible, so this physical strategy may give us a slight edge in the eternal race for five minutes of fame and glory
