Anthropic's Mythos Assists in macOS Exploit Development in Just Five Days
Security researchers utilized Anthropic's AI model, Mythos Preview, to develop a macOS exploit within just five days, bypassing Apple's five years of security efforts.
Anthropic’s Mythos Breaks Through macOS Security
Security researchers employed Anthropic’s AI model Mythos Preview to develop a macOS exploit in just five days. This exploit targets a vulnerability that allows standard users to gain administrator (root) access simply by executing a command. According to a report by Tom’s Hardware, the exploit is described as “practically straightforward.”
Circumventing Apple’s Memory Integrity Enforcement
Last year, Apple introduced a hardware-assisted memory safety system called “Memory Integrity Enforcement (MIE)” aimed at making memory corruption exploits significantly harder to execute. This system has been implemented in devices like the iPhone 17, iPhone Air, and certain MacBook models, representing five years of security efforts. However, researchers managed to bypass this advanced protection in just five days with the support of Mythos Preview.
Collaboration Between AI and Experts as the Key
The researchers explained that Mythos Preview was instrumental in quickly identifying vulnerabilities belonging to known bug classes and supporting the entire exploit development process. They noted, however, that autonomously bypassing new protection mechanisms like MIE remains challenging, making human expertise indispensable. “Testing the potential of combining the best models with expert knowledge was one of our motivations,” they stated, emphasizing that creating a kernel memory corruption exploit capable of bypassing top-level protections within a week was a significant achievement.
Implications for the Security Industry
This discovery suggests that even small teams can leverage AI to uncover critical security issues, highlighting the evolving challenges AI technology presents to security measures. While the researchers have prepared a 55-page technical report, they have decided not to release it publicly until Apple issues a fix for the vulnerability. This decision aims to prevent misuse while ensuring technical details are shared after the issue is resolved.
Frequently Asked Questions
- What is Mythos Preview?
- Mythos Preview is an AI model developed by Anthropic, designed to assist in identifying security vulnerabilities and developing exploits. It demonstrates a high generalization ability for known bug classes and contributes to overcoming complex protection mechanisms when combined with expert collaboration.
- Is this exploit publicly available?
- No, the researchers possess a 55-page technical report but have stated that it will remain unpublished until Apple releases a patch to address the vulnerability. This approach aims to prevent malicious exploitation while allowing the sharing of technical details after the fix.
- How was the exploit developed in just five days?
- The AI model efficiently identified known bug patterns, enabling quicker exploration of potential vulnerabilities. However, bypassing Apple's latest protection technology, MIE, required human expertise. The collaboration between AI and human experts was key to achieving the rapid development of the exploit.
Comments