The bugs were chained together into a privilege escalation exploit capable of bypassing Apple’s state-of-the-art memory integrity enforcement, granting unauthorized access to parts of the system that are supposed to be completely off-limits.
Apple is now reviewing a 55-page report from Calif, with patches expected once findings are validated.
Discovered during testing sessions in April, the exploit combines two macOS bugs alongside several advanced techniques to corrupt the Mac’s memory, ultimately breaking into restricted system areas that normal processes cannot reach.
According to The Wall Street Journal, if the privilege escalation exploit were chained with additional attacks, it could enable a malicious actor to seize full control of the targeted Mac.
Calif’s researchers wrote custom software that links the two vulnerabilities together, producing an attack vector that macOS has never encountered in this form before.
Importantly, this is not a remotely deployable worm; the exploit still requires significant human expertise layered on top of what Mythos produced.
Calif CEO Thai Dong acknowledged as much, stating the attack “couldn’t have been pulled off by Mythos alone and leveraged the very human cybersecurity expertise of some of Calif’s hackers.”
Anthropic’s Mythos, formerly known as the Claude Mythos Preview, has been deliberately kept from public release due to its extraordinary and potentially dangerous capabilities for identifying software vulnerabilities.
The model is part of Anthropic’s broader Project Glasswing initiative, which grants approximately 40 select organizations, including Apple, Google, and Microsoft, controlled access to Mythos for defensive security research.
Anthropic has committed up to $100 million in usage credits to support the collaborative effort.
Mythos has already demonstrated its potential: prior to the macOS discovery, the model reportedly uncovered a bug in OpenBSD that had gone undetected for 27 years and identified vulnerabilities in Linux that could hijack machines.
Engineers at Anthropic have explicitly warned that the model’s proficiency in surfacing security flaws is too significant to be released without strict guardrails.
Calif researchers were so confident in their findings that they traveled in person to Apple’s headquarters in Cupertino to deliver the 55-page technical report directly.
An Apple spokesperson responded to The Wall Street Journal, stating: “Security is our top priority, and we take reports of potential vulnerabilities very seriously.”
Apple has not confirmed whether it has begun patching the reported vulnerabilities, but Calif CEO Thai Dong told the WSJ he believes “the bugs will likely be fixed pretty quickly.”
Full technical details of Calif’s discoveries will not be released publicly until Apple has addressed the underlying issues.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
The post Anthropic’s Mythos AI Reportedly Found macOS Vulnerabilities that Could Bypass Apple Security appeared first on Cyber Security News.
The list of nominees for the 2026 Will Eisner Comic Industry Awards has been revealed.…
A newly uncovered malware framework is raising serious alarms across the cybersecurity community. Researchers have…
A widely used JavaScript inter-process communication library has been weaponized again. Socket and Stepsecurity have…
A sprawling supply chain attack has put software developers worldwide on high alert after hackers…
Enterprise email infrastructure remains one of the most critical and vulnerable targets for cybercriminals. A…
The cybercrime underworld is turning open-source supply chain attacks into a twisted competition. After months…
This website uses cookies.