First public macOS kernel memory corruption exploit on Apple M5
quadrige
323 points
68 comments
May 14, 2026
Related Discussions
Found 5 related stories in 692.0ms across 14,015 title embeddings via pgvector HNSW
- CVE-2026-28952: Apple macOS 26.5 Kernel Vuln found by Claude dragonsenseiguy · 118 pts · May 25, 2026 · 65% similar
- Apple A12 and A13 Chips: New Unpatchable Exploit tosh · 61 pts · June 19, 2026 · 59% similar
- Claude wrote a full FreeBSD remote kernel RCE with root shell ishqdehlvi · 258 pts · April 01, 2026 · 53% similar
- 32bit Apple app running on M4 natively carlosjobim · 17 pts · June 26, 2026 · 53% similar
- FatGid: FreeBSD 14.x kernel local privilege escalation WhyNotHugo · 92 pts · May 21, 2026 · 52% similar
Discussion Highlights (9 comments)
vsgherzi
unfortunately a little light on the details. I'm very curious how the bug survived through MTE
AgentME
First Mozilla, now even Apple is making up fake vulnerabilities to hype up Mythos. /sarcasm
bredren
Did the article get edited? There is not much description of the field trip.
yieldcrv
from what they demonstrated, this seems to only be a $100,000 exploit in Apple's bug bounty platform, but if they package it right, it could be a $1.5 million exploit They simply have to show it against a beta version of MacOS, and frame it as unauthorized access, and maybe from locked mode if possible
commandersaki
I bought the M5 specifically cause of MIE. Now I feel dumb.
dgellow
The world is so not ready for the impact of LLMs on security issues. If true, congrats to the Calif team. It’s likely too technical for me to understand in details but looking forward to reading the 55 pages report
tkel
Another breathless marketing hype for Mythos. The curl report was much more sober. https://daniel.haxx.se/blog/2026/05/11/mythos-finds-a-curl-v...
jp0001
LLMs are going to produce amazing Rube Goldberg style vulnerabilities for years to come. It's already starting, this instance isn't the case, but it's happening.
isodev
I’m surprised Apple is still not dogfooding their allegedly safe language Swift. Or was the whole exercise of Swift 6 mostly marketing