Researchers from a Palo Alto firm called Calif utilized Anthropic's Claude Mythos to uncover a significant security vulnerability in Apple's macOS. This finding marks what they claim to be the "first public macOS kernel memory corruption exploit on Apple M5." The exploit enables an unprivileged local user to gain full access to the device, employing two vulnerabilities and several techniques as explained in a blog post by Calif.
Currently, Claude Mythos Preview is accessible to a select group of partners, including Apple, and its capabilities have demonstrated a remarkable ability to identify vulnerabilities swiftly due to its understanding of known bug classes. The blog post noted that Mythos played a crucial role in both discovering the bugs and aiding in the exploit's development.
It remains uncertain if this flaw has been addressed in recent updates, as Apple's release notes for macOS Tahoe 26.5 include a mention of a fix related to a bug reported by Calif in collaboration with Anthropic. However, Calif indicated that it met with Apple "early this week," suggesting that a fix may still be forthcoming. The company plans to disclose full technical details once the vulnerabilities are resolved.