Apple's 5-Year Memory Defense Fell in 6 Days
Apple spent roughly five years engineering Memory Integrity Enforcement (MIE) — a hardware-backed defense, built into its new M5 silicon, designed to shut down the memory-corruption attacks that have plagued software for decades. It's genuinely serious engineering, fully enabled by default on the newest hardware.
It held for about six days under focused attack.
What actually happened
A research team at the security firm Calif — Bruce Dang, Dion Blazakis, and Josh Maine — chained two macOS bugs into a data-only kernel local privilege-escalation exploit. It ran on macOS 26.4.1 on M5 hardware, needed only an unprivileged local foothold and standard system calls, used no exotic drivers, and landed root while MIE was still active.
The timeline is the part worth sitting with: initial bugs found April 25, a second researcher joined April 27, a working exploit by May 1, public disclosure May 14. One of the hardest targets in the industry, defeated in under a week.
The AI accelerant
The team used Anthropic's restricted vulnerability-research model, Claude Mythos, in the process. Importantly, it didn't invent novel attack techniques — it recognized bug classes the researchers had already generalized, helped write and iterate exploit code, and made a fast team much faster.
That's the real story, and it isn't about Apple. When AI compresses the work of skilled exploit development, the gap between a vulnerability becoming known and it becoming weaponized collapses. Researchers tracking this now measure that window in hours — roughly ten, in some recent cases — not the weeks it used to take.
What it means for everyone running anything
If a five-year, hardware-level defense from one of the most resourced companies on earth can fall this fast, the takeaway for normal businesses is sobering and simple: patch cadence is now a security control, not a chore. Monthly or quarterly patching cycles were designed for a slower era that no longer exists.
- Automatic updates as the default — operating systems, browsers, mobile, and yes, Macs.
- A written patching policy with real SLAs: 24–72 hours for anything internet-facing.
- The CISA Known Exploited Vulnerabilities feed as your priority list.
- EDR coverage on Macs too — they are no longer the safe corner of the network.
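One way to turn the list above into a work queue, as an added example that is not from the original article: it matches scanner findings against a catalog in the CISA KEV JSON shape and assigns each finding a patch deadline. The catalog entries, CVE IDs, hosts and dates are constructed placeholders, and the SLA tiers for internal systems are assumptions; only the 24 and 72 hour bounds for internet-facing systems come from the text.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of CISA's KEV JSON catalog; CVE IDs are placeholders.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "dateAdded": "2026-05-10", "dueDate": "2026-05-31"},
  {"cveID": "CVE-0000-0002", "dateAdded": "2026-05-12", "dueDate": "2026-06-02"}
]}
""")

# Constructed scanner findings: (host, cve, internet_facing, detected_at UTC).
FINDINGS = [
    ("mac-design-07", "CVE-0000-0003", False, "2026-05-13T09:00:00+00:00"),
    ("vpn-gw-01",     "CVE-0000-0001", True,  "2026-05-13T08:00:00+00:00"),
    ("web-02",        "CVE-0000-0003", True,  "2026-05-12T08:00:00+00:00"),
    ("mac-fin-03",    "CVE-0000-0002", False, "2026-05-13T10:00:00+00:00"),
]

# SLA hours keyed by (internet_facing, in_kev). The 24 and 72 hour bounds for
# internet-facing systems are from the article; the internal tiers are assumptions.
SLA_HOURS = {(True, True): 24, (True, False): 72,
             (False, True): 72, (False, False): 168}

def kev_ids(catalog):
    """Return the set of CVE IDs listed in a KEV catalog document."""
    return {v["cveID"].upper() for v in catalog.get("vulnerabilities", [])}

def prioritize(findings, catalog, now):
    """Attach an SLA deadline to each finding and sort most urgent first."""
    known = kev_ids(catalog)
    queue = []
    for host, cve, exposed, detected in findings:
        in_kev = cve.upper() in known
        deadline = datetime.fromisoformat(detected) + timedelta(
            hours=SLA_HOURS[(exposed, in_kev)])
        queue.append({"host": host, "cve": cve, "in_kev": in_kev,
                      "deadline": deadline, "overdue": now > deadline})
    # Overdue items first, then earliest deadline.
    return sorted(queue, key=lambda f: (not f["overdue"], f["deadline"]))

if __name__ == "__main__":
    now = datetime(2026, 5, 14, 12, 0, tzinfo=timezone.utc)  # constructed "current time"
    for f in prioritize(FINDINGS, KEV_SAMPLE, now):
        flag = "OVERDUE" if f["overdue"] else "open"
        print(f'{f["deadline"]:%Y-%m-%d %H:%M} {flag:8} {f["host"]:14} {f["cve"]} kev={f["in_kev"]}')
```

In production the catalog would be loaded from the published KEV feed and the findings from the vulnerability scanner's export.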
This is the unglamorous discipline managed infrastructure exists to enforce. We run 24x7x365 NOC monitoring and same-week patching on the systems we manage precisely because the window between disclosure and exploitation keeps shrinking — and weeks like this one are why.