AI-Assisted Research Cracks Apple’s M5 Memory Defense in Five Days; Microsoft Patches High-Risk Windows Kernel Flaw
Two significant security events dominated this week: a research team used Anthropic’s Mythos Preview to bypass Apple’s newest hardware memory protections, while Microsoft quietly fixed a Windows kernel privilege-escalation vulnerability rated high severity.
Apple M5: Five Years of Defense, Five Days to Bypass
Security startup Calif announced this week what independent sources describe as the first publicly disclosed macOS kernel memory corruption exploit capable of surviving Apple’s Memory Integrity Enforcement (MIE) on the M5 chip — a hardware-backed memory safety system that Apple has been developing for approximately five years and has promoted as a flagship protection against sophisticated attacks.
What is MIE?
MIE is built on ARM’s Memory Tagging Extension (MTE), a 2019 specification that attaches a secret “tag” to every memory allocation. Each time memory is accessed, the hardware checks whether the tag presented by the caller matches the one stored at allocation time. A mismatch causes an immediate crash and is logged — the idea being that any memory corruption exploit attempt is stopped before it can do damage. Apple introduced MIE as the marquee security feature of the M5 and A19 chip families, and claimed it disrupts every known public exploit chain against modern iOS, including the leaked Coruna and Darksword vulnerability packages.
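The tag check described above can be modelled in software. The following is an added example, not code from Apple, ARM or Calif; it simulates MTE's 16-byte granules and the 4-bit tag in pointer bits 59:56 to show an adjacent overflow and a stale pointer both failing the check. The toy heap, the function names and the sequential tag choice (hardware draws tags at random) are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define GRANULE   16u  /* MTE colours memory in 16-byte granules */
#define HEAP_SIZE 256u /* constructed toy heap */
#define TAG_SHIFT 56   /* 4-bit tag carried in pointer bits 59:56 */

static uint8_t  heap[HEAP_SIZE], granule_tag[HEAP_SIZE / GRANULE];
static uint8_t  next_tag;  /* assumption: hardware draws tags at random */
static uint32_t bump;

static uint8_t fresh_tag(void) {
    next_tag = (uint8_t)(next_tag % 15u + 1u);  /* cycle 1..15, repeatable */
    return next_tag;
}

static void retag(uint32_t off, uint32_t len, uint8_t tag) {
    for (uint32_t g = off / GRANULE; g < (off + len + GRANULE - 1) / GRANULE; g++)
        granule_tag[g] = tag;
}

/* Bump-allocate, colour the granules, return a pointer carrying the tag. */
uint64_t tagged_alloc(uint32_t len) {
    uint32_t off = bump, need = (len + GRANULE - 1) / GRANULE * GRANULE;
    if (need == 0 || off + need > HEAP_SIZE) return 0;  /* heap exhausted */
    uint8_t tag = fresh_tag();
    retag(off, need, tag);
    bump += need;
    return ((uint64_t)tag << TAG_SHIFT) | off;
}

/* Free recolours the granules, so a stale pointer's tag no longer matches. */
void tagged_free(uint64_t p, uint32_t len) { retag((uint32_t)p, len, fresh_tag()); }

/* Models the hardware check: 0 = access allowed, -1 = tag-check fault. */
int checked_store(uint64_t p, uint32_t idx, uint8_t v) {
    uint32_t addr = (uint32_t)p + idx;
    uint8_t ptr_tag = (uint8_t)((p >> TAG_SHIFT) & 0xF);
    if (addr >= HEAP_SIZE || granule_tag[addr / GRANULE] != ptr_tag) return -1;
    heap[addr] = v;
    return 0;
}

int main(void) {
    uint64_t a = tagged_alloc(16), b = tagged_alloc(16);
    int ok = checked_store(a, 0, 0x41), ovf = checked_store(a, 16, 0x41);
    tagged_free(a, 16);
    int stale = checked_store(a, 0, 0x41), nb = checked_store(b, 0, 0x42);
    printf("in-bounds=%d overflow=%d stale=%d neighbour=%d\n", ok, ovf, stale, nb);
    return 0;
}
```

On real hardware the mismatch raises a synchronous fault that terminates the process or panics the kernel; the `-1` return stands in for that fault.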
The Exploit Timeline
- April 25, 2026: Researcher Bruce Dang identifies two vulnerabilities in macOS — described by Calif as an accidental discovery.
- April 27, 2026: Dion Blazakis joins the research effort.
- May 1, 2026: Josh Maine builds the exploitation tooling; the team achieves a working kernel memory corruption exploit on bare-metal M5 hardware.
- Week of May 12, 2026: Calif members travel to Apple Park in Cupertino and deliver a 55-page technical report in person.
- May 14, 2026: Calif publishes a public disclosure summary. Full technical details withheld pending Apple patches.
The exploit chain begins from an unprivileged local user account and ends with a root shell using only ordinary system calls — no code injection required, only data manipulation. The technique targets macOS 26.4.1 on M5 hardware with kernel MIE enabled.
The Role of Anthropic’s Mythos Preview
The Calif team credited Anthropic’s Mythos Preview AI model with helping identify vulnerability categories and determine which attack paths remained feasible under MIE’s constraints. However, researchers were careful to note that the model’s contribution had limits: Mythos was effective at recognising known bug classes quickly, but a novel mitigation like MIE still required substantial human expertise to actually bypass. Calif CEO Thai Duong told The Wall Street Journal that human judgment remained critical because MIE was an entirely new system without established bypass precedents.
Apple confirmed it is reviewing Calif’s report. A spokesperson told the Wall Street Journal: “Security is our top priority, and we take reports of potential vulnerabilities very seriously.” No CVE number has been assigned yet; Calif plans to release the full 55-page technical analysis after Apple issues patches.
Microsoft CVE-2026-40369: Windows Kernel Privilege Escalation Patched
CVE-2026-40369 CVSS 7.8 — High
Microsoft’s May 12, 2026 Patch Tuesday addressed CVE-2026-40369, an elevation-of-privilege vulnerability in the Windows kernel-mode driver. The flaw was rated Important with a CVSS 3.1 score of 7.8, and Microsoft assessed exploitation as “More Likely” — a designation reserved for vulnerabilities that defenders should treat with particular urgency, as working exploits are considered feasible even if not yet observed in the wild.
What is Known
According to the National Vulnerability Database, CVE-2026-40369 is classified as an untrusted pointer dereference in the Windows Kernel, allowing a locally authenticated attacker to escalate privileges to SYSTEM level. This is consistent with the broader pattern of Windows kernel elevation-of-privilege vulnerabilities patched in May 2026; Microsoft has addressed 13 Windows Kernel EoP vulnerabilities in 2026 so far, of which this is one.
CVE-2026-40369 is one of two kernel EoP flaws in this Patch Tuesday (alongside CVE-2026-33841) rated “Exploitation More Likely.” Both allow a local attacker to reach SYSTEM-level access.
Length=0 bypass of ProbeForWrite in ExpGetProcessInformation, sandbox escape from Chrome, and a public proof-of-concept on GitHub — that are not confirmed by Microsoft, the NVD, or independent security researchers. These specifics should be treated as unverified until authoritative sources publish a technical analysis.
Affected Systems
The vulnerability affects Windows systems covered by the May 2026 cumulative update. Windows 10 reached end-of-life in October 2025; users on that platform must be enrolled in Extended Security Updates to receive the patch.
Fact-Check Summary
This article was verified against primary sources including NVD, Microsoft’s Security Response Center, Tenable, Cisco Talos, 9to5Mac, The Wall Street Journal, and Calif’s own published disclosure. The table below documents the accuracy of claims circulating in secondary reporting.
| Claim | Verdict |
|---|---|
| Apple M5 MIE bypassed by three-person Calif team | ✓ Confirmed |
| Timeline: bugs found April 25, exploit working by May 1 | ✓ Confirmed |
| Anthropic Mythos Preview assisted the research | ✓ Confirmed |
| 55-page report delivered in person to Apple at Cupertino | ✓ Confirmed |
| Exploit requires local access (not remote) | ✓ Confirmed |
| CVE-2026-40369 exists, CVSS 7.8, patched May 12 | ✓ Confirmed |
| CVE-2026-40369 rated “Exploitation More Likely” | ✓ Confirmed |
| Specific Length=0 / ProbeForWrite technical exploit details | ✗ Unverified |
| Public PoC on GitHub for CVE-2026-40369 | ✗ Unverified |
| Exploit triggerable from Chrome sandbox | ✗ Unverified |
| Active attacks already underway on unpatched machines | ✗ Contradicted — no zero-days in May 2026 Patch Tuesday |
| Mythos acted largely autonomously in the Apple exploit | ~ Overstated — human expertise was essential |
What You Should Do
- Windows users: Apply the May 12, 2026 cumulative update immediately if you have not already. While no confirmed in-the-wild exploitation is documented, CVE-2026-40369’s “Exploitation More Likely” rating means the window between patch release and active exploitation may be narrow.
- Mac users on M5: Monitor Apple’s security updates page. The Calif vulnerability requires local access, so it is not an immediate remote threat — but a patch should be applied as soon as Apple releases one. Enable automatic security updates.
- Enterprise and security teams: Reassess assumptions about AI-assisted vulnerability research timelines. A three-person team with frontier AI tooling compressed what would historically be a months-long research project into five days against one of the strongest consumer memory defenses available. Defensive planning should account for this acceleration.
- Everyone: Apply healthy skepticism to secondary reporting on CVEs. Technical specifics — including claims about specific functions, bypass methods, or PoC availability — should be verified against the NVD, Microsoft MSRC, or vendor advisories before being treated as accurate.
