Discovery of Two macOS Vulnerabilities
Security researchers at Calif, a Palo Alto based cybersecurity firm, have used techniques derived from an early version of Anthropic’s secretive Mythos AI model to find two previously unknown vulnerabilities in Apple’s macOS. The flaws were chained together to create a privilege escalation exploit capable of bypassing Apple’s modern memory integrity protections. This gave unauthorized access to restricted system areas normally off limits to standard processes.
The exploit was developed during testing sessions in April. It combines two macOS bugs with several advanced techniques to corrupt the Mac’s memory, ultimately breaking into protected kernel regions. According to The Wall Street Journal, if combined with additional attacks, the privilege escalation could enable an attacker to seize full control of a targeted Mac. However, the exploit is not a remotely deployable worm and still requires significant human expertise.
Impact of Mythos AI in Security Research
Anthropic’s Mythos, formerly known as the Claude Mythos Preview, has been kept from public release due to its potentially dangerous capabilities for identifying software vulnerabilities. The model is part of Anthropic’s Project Glasswing initiative, which grants approximately 40 select organizations controlled access to Mythos for defensive security research. Anthropic has committed up to $100 million in usage credits to support the effort.
Mythos has previously demonstrated its potential by uncovering a bug in OpenBSD that went undetected for 27 years and identifying vulnerabilities in Linux that could hijack machines. Calif CEO Thai Dong acknowledged that the attack could not have been pulled off by Mythos alone and leveraged the human cybersecurity expertise of Calif’s hackers. Apple is now reviewing a 55 page report from Calif, with patches expected once findings are validated.
Source: Cyber Security News
