Huh, Mythos pwned macOS in five days (with some human help)

May 15 2026 - Quote

Huh, Mythos pwned macOS in five days (with some human help):

“Apple spent five years building hardware and software to make memory corruption exploits dramatically harder. Our engineers, working together with Mythos Preview, built a working exploit in five days. [...]

“The exploit is a data-only kernel local privilege escalation chain targeting macOS 26.4.1 (25E253). It starts from an unprivileged local user, uses only normal system calls, and ends with a root shell. The implementation path involves two vulnerabilities and several techniques, targeting bare-metal M5 hardware with kernel MIE enabled. [...]

“To the best of our knowledge, this is the first public macOS kernel exploit on MIE hardware. Again, we’ll publish our 55-page report after Apple ships a fix.”

- First public macOS kernel memory corruption exploit on Apple M5