{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreidr6zs6zpqyhjhzrsetzclncr3aj55gipc3mkpobc7gbb4yp6pwk4",
    "uri": "at://did:plc:awj2q63kg2v3k5xwsjh2uoe3/app.bsky.feed.post/3mmrzajz3t6h2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreie5axv5v54c23wxqyfc6yn4nqjrl3in4u4sjso36xm3bj367t5f7i"
    },
    "mimeType": "image/jpeg",
    "size": 179055
  },
  "description": "Security researchers at Calif have found the first public memory corruption exploit on Apple's M5 chip, one that works despite Memory Integrity Enforcement protections.",
  "path": "/news/2026/05/26/first-public-kernel-memory-exploit-of-on-apples-m5-chip-found/",
  "publishedAt": "2026-05-26T22:13:07.000Z",
  "site": "https://www.privacyguides.org",
  "tags": [
    "Calif",
    "Memory Integrity Enforcement",
    "70%",
    "Memory Tagging Extension",
    "Mythos Preview",
    "headlines"
  ],
  "textContent": "Security researchers at Calif have found the first public memory corruption exploit on Apple's M5 chip, one that works despite Memory Integrity Enforcement protections.\n\nThe researchers even shared the vulnerability with Apple in person, at a meeting at Apple Park in Cupertino, the company's headquarters.\n\n> We wanted to report it in person, instead of getting buried in the submission flood that some unfortunate Pwn2Own participants just experienced. Most respected hackers avoid human interaction whenever possible, so this physical strategy may give us a slight edge in the eternal race for five minutes of fame and glory on Twitter.\n\nThe researchers decided not to share the full technical details until Apple releases a fix for the vulnerabilities and the attack path (they already have a domain bought for the occasion).\n\nApple's Memory Integrity Enforcement (MIE) was first introduced in its M5 and A19 chips, bringing protection against memory safety vulnerabilities. These bugs are estimated to constitute around 70% of all vulnerabilities, making them the biggest target for both attackers and defenders.\n\nMIE is Apple's implementation of a standard Arm feature called Memory Tagging Extension (MTE), which was originally designed to help developers catch memory safety bugs.\n\n> Memory Integrity Enforcement started with a deeply ambitious goal: to make it immensely more expensive and difficult to develop and maintain mercenary spyware attacks based on memory corruption against our platforms. While there’s no such thing as perfect security, MIE is designed to dramatically constrain attackers and their degrees of freedom during exploitation.\n\nThe researchers found a data-only vulnerability, meaning the attack does not hijack the program's control flow: the program keeps executing its own intended code paths, but on data the attacker has corrupted.\n\nThe exploit chain starts from an unprivileged local user and ends with a root shell, using only normal system calls.\n\nThey used Anthropic's Mythos Preview, an AI model that has made headlines for its ability to find vulnerabilities in software, to assist in discovering the bugs.\n\nMIE was designed to make a specific class of vulnerabilities much more difficult to exploit, but there are still plenty of other bug classes and exploitation techniques that Apple and other operating system and hardware vendors will need to contend with.\n\nThe researchers describe this as just a glimpse of the \"bugmageddon\" to come. Defenders will need to develop more and more advanced protections now that AI models can find security issues more efficiently than ever before.",
  "title": "First Public Kernel Memory Exploit on Apple's M5 Chip Found",
  "updatedAt": "2026-05-26T22:13:07.717Z"
}