AllYouCanTech

**9to5Mac Daily: Your Destination for Daily Apple Updates and Insights**

In the rapidly evolving tech landscape, keeping abreast of the newest trends is essential, particularly for Apple aficionados. 9to5Mac Daily provides a streamlined way to review the day’s most important headlines, giving listeners a summary of impactful news related to Apple and its ecosystem.

**Podcast Accessibility**

Listeners can conveniently tune into 9to5Mac Daily on multiple platforms, including [iTunes and Apple’s Podcasts app](https://podcasts.apple.com/us/podcast/9to5mac-daily/id1331816080), [Stitcher](https://www.stitcher.com/podcast/9to5mac-daily), [TuneIn](https://tunein.com/radio/9to5Mac-Daily-p1089524/), [Google Play](https://play.google.com/music/m/I5d4dzs7dauazmfxvvrynyiuram?t=9to5Mac_Daily), or through a [dedicated RSS feed](https://feedpress.me/9to5macdaily) for Overcast and other podcast applications. Fresh episodes are produced every weekday, guaranteeing that subscribers receive prompt updates on the latest Apple news.

**Sponsorship and Support**

The podcast is backed by [Bitwarden](https://bit.ly/48staRo), a secure, open-source password management tool that features end-to-end encryption and seamless autofill options across devices. This collaboration underscores the significance of security in today’s digital world, enabling users to manage their passwords with ease.

**Subscription Benefits**

Listeners can elevate their experience by subscribing to 9to5Mac Daily Plus. This subscription provides ad-free versions of each episode and additional content, allowing for a more in-depth exploration of the topics that matter most to Apple enthusiasts.

**Engagement and Feedback**

9to5Mac Daily invites listener participation. Fans are encouraged to share their feedback by emailing [[email protected]](mailto:[email protected]) and are welcome to rate the podcast on platforms such as [Apple Podcasts](https://geo.itunes.apple.com/us/podcast/id1331816080?at=10laZc&pt=11l8808) and [Overcast](https://geo.itunes.apple.com/us/app/overcast/id888422857?mt=8&at=10laZc&pt=11l8808) to assist others in discovering the show.

**Conclusion**

For anyone interested in Apple updates, 9to5Mac Daily is an essential resource. With its straightforward accessibility, engaging content, and avenues for listener interaction, it distinguishes itself as a leading podcast for tech enthusiasts. Whether you’re a casual user or a devoted Apple supporter, listening to 9to5Mac Daily will keep you informed and connected to the latest in the Apple realm.

The group responsible for the initial public macOS kernel memory corruption exploit on M5 silicon has revealed new insights on how Mythos Preview facilitated the evasion of a five-year Apple security initiative in just five days.

## A touch of technical context

Last year, Apple launched Memory Integrity Enforcement (MIE), a hardware-augmented memory safety framework aimed at significantly complicating memory corruption exploits. MIE is founded on Arm’s Memory Tagging Extension (MTE), a specification that serves as a mechanism for hardware to aid in detecting memory corruption flaws.

At its essence, MTE is a system for tagging memory and checking tags, where each memory allocation is assigned a secret tag; the hardware ensures that subsequent memory access requests are honored only if they contain the matching tag. When the tags do not correspond, the application fails, and the occurrence is logged. This enables developers to promptly detect memory corruption issues as they arise.

Nonetheless, Apple determined that MTE was insufficient in certain scenarios, prompting the creation of MIE, which is embedded in Apple hardware and software across all models of iPhone 17 and iPhone Air. MIE utilizes the chip itself to assist in identifying and preventing specific memory corruption attacks prior to their exploitation.

## Introducing the Calif team

Recently, security analysts at Calif employed Anthropic’s Mythos Preview model to unveil a new macOS security flaw by intertwining two bugs with several techniques to compromise the Mac’s memory and access areas of the device that should remain off-limits.

The team has provided further insights on how they carried out the exploit, including a 20-second video showcasing the kernel memory corruption exploit in effect. They observed that while Apple dedicated most of its MIE efforts towards iOS, it has recently extended it to MacBooks with the M5 chip.

According to the Calif team, Apple invested five years in developing MIE, likely allocating billions of dollars. Their research suggested that MIE thwarts every public exploit chain targeting modern iOS, including the recently disclosed Coruna and Darksword exploit kits.

The Calif team compromised MIE on the M5 in merely five days. Their macOS attack vector was an unintentional finding, with the initial bugs uncovered on April 25th and a functional exploit ready by May 1st. The exploit constitutes a data-only kernel local privilege escalation chain directed at macOS 26.4.1 (25E253), initiating from a non-privileged local user and culminating in a root shell.

They possess a 55-page technical document detailing the hack, which they will withhold until Apple releases a remedy for the exploit. Nonetheless, they indicated that Mythos Preview was instrumental in pinpointing the bugs and aiding throughout the exploit development phase.

Mythos Preview is highly effective; once it acquires knowledge of how to tackle a category of issues, it generalizes to virtually any challenge within that category. The bugs were identified swiftly because they align with known bug categories, but circumventing MIE, a new premier mitigation, necessitated human skill.

The Calif team aimed to evaluate the synergy between sophisticated AI models and human knowledge. Accomplishing a kernel memory corruption exploit against leading protections in a mere week is noteworthy and underscores the potential of this collaboration.

Their finding led to a visit to Apple Park, where they presented their vulnerability research report directly to Apple. They noted that Apple’s MIE, akin to the majority of security mitigations, was formulated in an era preceding Mythos Preview, implying that as small teams harness AI, the realm of security vulnerabilities may undergo dramatic transformations.

For more information, you can read the complete post by the Calif team.