Anthropic's cutting-edge artificial intelligence (AI) model "Claude Mythos" appears to have breached Apple's operating system (OS), known for ironclad security, in five days.
The Wall Street Journal (WSJ) reported on the 14th (local time) that researchers at the U.S. security research corporations "Khalif" succeeded in using Mythos to bypass the core security framework of macOS. The researchers damaged macOS system memory and then found a way to access internal components of the device that were originally inaccessible for security reasons.
This is a so-called "privilege escalation" attack which, when combined with other attack techniques, can allow an attacker with ordinary user privileges to seize administrator-level control.
In September last year, Apple unveiled Memory Integrity Enforcement (MIE), a technology that significantly improved security performance by combining hardware and operating system (OS) capabilities. At the time, Apple described it as "the result of an unprecedented five-year design and engineering effort." Khalif said it took only five days using Mythos to write code that exploited vulnerabilities in macOS.
However, Khalif stressed that the attack was not possible with Mythos alone. Tai Duong, Khalif chief executive officer (CEO), said, "The development of the attack code drew on analysis and judgment from Khalif experts," adding, "Mythos is extremely good at reproducing previously documented attacks, but it cannot independently invent entirely new attack techniques."
Experts, however, are concerned that Mythos neutralized Apple's latest security system, built over years of effort, in a relatively short time. Former Google security researcher Michal Zalewski said, "Given that Apple has invested tremendous effort in macOS security, this technique is noteworthy."
Apple is reviewing a 55-page report detailing the research findings. Apple told the WSJ, "Security is our top priority, and we take reports of potential vulnerabilities seriously." Apple is also using cutting-edge AI models to detect and patch vulnerabilities.
Mythos, which Anthropic unveiled last month, is an AI model with strong capability for detecting software security vulnerabilities. Citing the risk that Mythos could be misused for hacking, Anthropic restricted access by releasing Mythos only to selected corporations.