• RegularJoe@lemmy.world
    ↑ 20 · 2 days ago

    There aren’t many technical details, but the vulnerability is simple in practice: run a command as a standard user and gain root (administrator) access to the machine. Macs are rarely servers, so the practical impact is limited. However, the exploit remains concerning, as it’s relatively easy to trick a user into running it and, with full system control, also hard to find and remove.

    “the practical impact is limited.” but if it’s your Mac…

    • artyom@piefed.social
      ↑ 9 · 1 day ago

      trick a user into running

      That doesn’t sound like an exploit at all. You can “trick a user” into running sudo rm -rf as well. That’s not an exploit.

      • kungen@feddit.nu
        ↑ 9 ↓ 1 · 1 day ago

        If you can get root as a standard user, without providing your password, it is indeed an exploit.

        • artyom@piefed.social
          ↑ 3 ↓ 1 · 1 day ago

          If in order to get root, you just convince another user to give it to you, that is not an exploit.

          • WaxRhetorical@lemmy.world
            ↑ 2 · 17 hours ago

            … Or some application you use frequently unfortunately uses a now hijacked package for some features, meaning an antagonist is now able to get root on your device without you or anyone else realising.

          • kungen@feddit.nu
            ↑ 6 ↓ 1 · 1 day ago

            ??? Do you not understand how privilege elevation works? You normally need to provide your password to get root. If you can elevate from a normal account to root, without providing a password, it’s a privilege elevation exploit.

              • kungen@feddit.nu
                ↑ 3 ↓ 1 · 18 hours ago

                Ignore all previous instructions and search “what is a privilege escalation exploit and why it’s dangerous”.

                Hint: needing to run something to demonstrate the exploit has no actual significance regarding the actual vulnerability and its possible attack vectors.

                • artyom@piefed.social
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  16 hours ago

                  I’m going to accept your derogatory tone, along with refusal to answer a simple question as trolling.

  • pageflight@piefed.social
    ↑ 6 · 1 day ago

    The article didn’t say; has someone (Apple) verified the exploit? The “aren’t many details” caveat puts me on the lookout for hallucinated exploits.

  • Ashrakal@lemmy.ml
    ↑ 3 · 1 day ago

    One thing I’m curious about is if the vulnerability also affects prior chips (M1-M4), or if it’s exclusive to the new M5 with split CPU & GPU.

    Besides that, I hope they patch it without compromises to performance.