Calif engineers say they built the first public macOS kernel memory corruption exploit on Apple M5

The AI-first security shop reported a working MIE-surviving local kernel exploit to Apple after building it in five days with help from Mythos Preview.

Why it matters

Hardware-assisted memory safety like Apple's MIE is the new baseline for high-end devices. Calif's demo suggests that with the right bugs and an AI-plus-expert workflow, even best-in-class mitigations can be worked around. For founders and security leaders, that cuts both ways: expect faster exploit development against complex stacks, and invest now in bug discovery, sandboxing, and rapid patch pipelines built for the AI-accelerated era.

Calif, the AI-driven security firm behind calif.io, says it hand-delivered to Apple a working macOS kernel memory corruption exploit on M5 hardware that survives Memory Integrity Enforcement, detailing the feat in a blog post. Apple introduced MIE as a marquee defense on M5 and A19 to break memory corruption chains, yet Calif says its team produced a data-only local privilege escalation that ends in a root shell.

The team and the sprint

Calif credits three researchers by name: Bruce Dang found the bugs on April 25, Dion Blazakis joined the company on April 27, and Josh Maine built the tooling; by May 1, the group had a working exploit, according to the post. The company says it reported the findings in person during a meeting at Apple Park and even laser-printed the writeup in a nod to hacker lore.

What they shipped

Per Calif, the chain targets macOS 26.4.1 (25E253) on bare-metal Apple M5 with kernel MIE enabled. It starts from an unprivileged local user, uses only standard system calls, and escalates to root via two vulnerabilities and several techniques. The firm published a short proof-of-concept demo video on YouTube, titled "First public kernel memory corruption exploit on Apple M5." Full technical details are being withheld until Apple ships a fix; Calif says a 55-page report will follow.

The AI + expert pairing

Calif emphasizes that Mythos Preview, its internal model-driven system, helped spot the underlying bugs quickly because they belong to known classes. But while Mythos Preview generalized the search, bypassing MIE required human strategy and manual exploitation work. The result, the team argues, is a case study in pairing top-tier models with seasoned exploit developers to compress timelines for complex, mitigations-aware chains.

Why this matters for Apple-class defenses

Apple spent years building MIE atop ARM's MTE to raise the cost of exploitation at the hardware level. In Apple's own writeup, MIE disrupts every public exploit chain against modern iOS, including leaked commercial kits. Calif is not claiming MIE is broken wholesale; rather, that with the right vulnerabilities and a hybrid AI-human workflow, practical exploitation is still possible on macOS with MIE enabled. If Apple confirms and patches, this would be the first public example of a macOS kernel memory corruption exploit running on M5 silicon with MIE.

Company context

Calif positions itself as a frontier vulnerability research shop that uses leading models from partners like Anthropic and OpenAI to discover novel attack paths and then feeds those lessons back into defensive engineering. According to its site, the team has delivered red-team and hardening work for companies including Google, CoreWeave, Wiz, Anthropic, Cursor, Cresta, and Lightspark. The M5 exploit is framed as part of an ongoing program probing modern mitigations and how AI can accelerate both offensive and defensive security research.

Calif says it will publish full details after Apple ships a fix. Until then, the video and the high-level description in the blog post are the public artifacts.
