News: 0183241679


Anthropic's Mythos Helped Build a Working macOS Exploit in Five Days (9to5mac.com)

(Saturday May 16, 2026 @05:34PM (EditorDavid) from the biting-Apple dept.)


"The vulnerability is simple in practice," [1]writes Tom's Hardware: "run a command as a standard user and gain root (administrator) access to the machine." And it was Mythos Preview that helped the security researchers at Palo Alto-based Calif bypass a five-year Apple security effort in just five days. [2]The blog 9to5Mac reports:

> Last year, Apple [3]introduced Memory Integrity Enforcement (MIE), a hardware-assisted memory safety system designed to make memory corruption exploits much harder to execute... [The researchers note it's built into all models of the iPhone 17 and iPhone Air, and some MacBooks] They explain they have a 55-page technical report on the hack, but they won't release it until Apple ships a fix for the exploit. But they do note in broad terms that Anthropic's [4]Mythos Preview model helped them identify the bugs and assisted them throughout the entire collaborative exploit development process.

>

> "Mythos Preview is powerful: once it has learned how to attack a class of problems, it generalizes to nearly any problem in that class. Mythos discovered the bugs quickly because they belong to known bug classes. But MIE is a new best-in-class mitigation, so autonomously bypassing it can be tricky. This is where human expertise comes in. Part of our motivation was to test what's possible when the best models are paired with experts. Landing a kernel memory corruption exploit against the best protections in a week is noteworthy, and says something strong about this pairing...."

>

> [I]n a time when even small teams, with the help of AI, can make discoveries such as this one, "we're about to learn how the best mitigation technology on Earth holds up during the first AI bugmageddon."



[1] https://www.tomshardware.com/tech-industry/cyber-security/apple-m5-architecture-suffers-first-privilege-escalation-exploit-anthropics-claude-mythos-helps-researchers-bypass-memory-integrity-enforcement

[2] https://9to5mac.com/2026/05/14/calif-team-details-how-anthropic-mythos-helped-build-a-working-macos-exploit-in-five-days/

[3] https://apple.slashdot.org/story/25/09/14/228211/apple-claims-most-significant-upgrade-to-memory-safety-in-os-history

[4] https://blog.calif.io/p/first-public-kernel-memory-corruption



Day 6 and 7? (Score:1)

by Anonymous Coward

Not sure what this AI deity did on day 6 but certainly day 7 was rest. All in all, a good week.

Another LPE... YAWN. Wake me for RCEs (Score:2)

by MIPSPro ( 10156657 )

I've only seen the one, lame NFSd RCE for FreeBSD a few weeks ago. This "amazing" new LLM cannot seem to generate much beyond hype, just like their broken compiler. They claim there are "thousands" of bugs waiting in the rushes. However, they've only released about a dozen checksums for heretofore unknown "really bad bugs."

So far, you're mostly talk, Anthropic. A bare handful of LPEs, one RCE, and @200 unknown Firefox "bugs" (but few details there and no idea if they are all security bugs). Guys, when you

One other thing. On OpenSSH (Score:2)

by MIPSPro ( 10156657 )

You all know damn good and well they've PORED over the OpenSSH code, hoping for an RCE. So, super-bots, what's up? Why you failing to deliver the goods for all the scumbags in Russia, China, and Eastern Europe who are just salivating waiting for that "pwns everything" bug? Like fetch... it's not happening.

Re: (Score:3)

by Moridineas ( 213502 )

Mozilla has discussed what kind of bugs they found. Here's their blog entry: [1]https://hacks.mozilla.org/2026/05/behind-the-scenes-hardening-firefox/ [mozilla.org]

You should read it. It's a very level-headed article that avoids the for and against LLM-hype that so many low quality news sources report.

Around close to the same time, Greg Kroah-Hartman also commented on improving reports: [2]https://www.theregister.com/software/2026/03/26/linux-kernel-czar-says-ai-bug-reports-arent-slop-anymore/5226256 [theregister.com]

Finding bugs is good. Integ

[1] https://hacks.mozilla.org/2026/05/behind-the-scenes-hardening-firefox/

[2] https://www.theregister.com/software/2026/03/26/linux-kernel-czar-says-ai-bug-reports-arent-slop-anymore/5226256

Adapt AI to be a disclosure tool (Score:2)

by Registered Coward v2 ( 447531 )

AI could also be used to automatically alert OS developers of exploits they have created. AI companies could partner with companies to counter bad actors. Of course, three letter agencies would be exempt.

I am aware of an AI that actually can do more (Score:2)

by trelanexiph ( 605826 )

Mythos was hype. There are exploit finding/code analysis AIs out there that are not.

I'm just waiting for someone to release one to Hugging Face with the training corpus, weights, model structure, everything fully open source so I can watch the world burn.
