Apple operating systems are widely viewed as more secure than competing mobile and computing platforms. Security researchers from Calif claim they breached macOS by designing a privilege escalation exploit. The work used Anthropic’s Claude Mythos Preview to identify vulnerabilities and accelerate exploit development. The vulnerabilities were described as belonging to known classes, allowing faster bug identification, while human expertise was still required to craft the exploit. The exploit could allow access to MacBook areas that should be inaccessible, enabling attacker control. Apple reportedly took the findings seriously and met with the researchers at Apple Park. The researchers plan to release full technical details after Apple fixes the vulnerabilities and attack path. Anthropic’s Project Glasswing aims to prevent AI cyberattacks using AI tools across participating organizations.
"Apple's operating systems are known for their security, especially compared to their rivals in mobile and computing. Now, security researchers from a Palo Alto-based company called Calif claim they were able to breach macOS after designing a privilege escalation exploit with help from Anthropic's Claude Mythos Preview. As The Wall Street Journal reports, the exploit could be used to access parts of the MacBook that should be inaccessible and, thus, allows the attacker to take control of a Mac computer."
"The researchers worked with Mythos to identify the vulnerabilities and to help them with the exploit's development. Mythos Preview was able to identify the bugs quickly, because they belonged to known classes. Human expertise was still necessary to be able to design the exploit, but this shows advanced AI systems could unearth bugs and attack paths that were previously unknown and could be used by bad actors to stage security breaches."
"Apple is taking the researchers' findings seriously, and told The Journal: "Security is our top priority, and we take reports of potential vulnerabilities very seriously." In fact, the researchers already met with the company at Apple Park in Cupertino to discuss what they're calling the "first public macOS kernel memory corruption exploit on M5 silicon." If the details they shared sounded vague, it's because they're planning to release the full technical details of their findings after Apple fixes the vulnerabilities and attack path."
"Anthropic uses Claude Mythos Preview for Project Glasswing, the initiative it launched in April to prevent AI cyberattacks with AI. Glasswing participants, including Amazon Web Services, Apple, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks, can use Mythos to strengthen the security of their own projects. Mozilla, for instance, previously announced that it found and patched 271 vulnerabilities in its latest release of the"
#macos-security #privilege-escalation #kernel-memory-corruption #ai-cybersecurity #anthropic-claude-mythos-preview
Read at Engadget
Unable to calculate read time
Collection
[
|
...
]