The company said it discovered two macOS vulnerabilities in April and linked them into an attack chain. The exploit allowed a regular local user to gain root access, the highest level of privileges in the system.

The attack was tested on a real device powered by an M5 chip with MIE protection enabled.

The researchers reported the issue to Apple and plan to publish technical details after the vulnerability is fixed.

According to the experts, Mythos would not have been able to carry out the attack on its own without human assistance. The model can reproduce already described methods, but it cannot independently invent new ones.

Apple security

Memory safety bugs remain the most common type of vulnerability almost everywhere, including iOS and macOS. In cybersecurity, there is a simple principle: if a problem cannot be fully prevented, the risk has to be accepted and reduced. One way to do this is to make attacks much more difficult and expensive for malicious actors.

Such protections are costly to build. Calif emphasized that Apple acts strategically because it controls the entire system, from hardware to software. This allows the company to integrate many security mechanisms directly into its chips and make them significantly harder to bypass. Many security experts consider Apple devices to be the most secure mass-market platform for ordinary users.

The latest example is MIE. This Apple memory protection system uses hardware capabilities built into the chip. It was introduced as one of the key security features of the Apple M5 and A19 chips. The system was specifically designed to stop attacks based on memory safety errors.

Apple spent five years developing MIE. The system disrupts all publicly known attack chains against modern versions of iOS, including the recently leaked Coruna and Darksword toolkits.

At Calif, researchers studied how AI could help create attacks that still work even under this level of memory protection.

The macOS exploit path was discovered by chance. Bruce Dang found the bugs on April 25. Josh Main built the necessary tools, and by May 1, a working version was ready.

“This experiment shows what may come next. Apple built MIE in a world where Mythos Preview did not yet exist. Now we will see how the world’s best protection technology withstands the first major wave of vulnerabilities discovered with the help of AI,” the experts concluded.

Сonclusion:
The experiment shows that AI can accelerate vulnerability research even against highly protected platforms such as Apple hardware. However, the case also confirms that human expertise remains essential, as Mythos helped reproduce and combine known techniques rather than independently inventing a new attack.