"Apple Inc. Was Breached Too"...Claude Mythos Finds a Latest macOS Vulnerability [IT Item of the Day]

\r\n
[Financial News] Anthropic's artificial intelligence model, Claude Mythos, worked with a human security expert to build attack code that could break through the security defenses of Apple's latest Mac operating system. The attack, which escalated a regular user's privileges to administrator level in just five days, has heightened concerns that AI is rapidly advancing hacking capabilities.
According to the IT industry and foreign media on the 19th, the U.S. security firm Calip recently found a kernel memory corruption vulnerability in macOS based on the Apple M5 chip while testing Claude Mythos.
Calip researchers reportedly linked two internal software bugs in macOS with several hacking techniques to corrupt system memory. They also implemented a privilege escalation attack that raised a regular user's access rights to administrator level. Privilege escalation refers to a method in which an attacker expands access from limited user privileges to system administrator privileges. It can allow intrusion not only into memory corruption points but also into otherwise inaccessible system areas, effectively taking control of the entire computer.
Calip said it took five days to create the attack code using Claude Mythos Preview. However, the AI is said to have quickly identified a previously known type of bug, and the attack was not carried out by Mythos alone. Human security experts' code design know-how and experience also played a role.
Tai Duong, CEO of Calip, said, "Mythos is already excellent at reproducing known attack techniques," and added, "We have not yet seen AI create a completely new attack technique, and this case is a new kind of outcome."
Calip researchers are said to have visited Apple Park in person and delivered a 55-page technical report. Apple Inc. said, "Security is our top priority, and we take reports of potential vulnerabilities very seriously," adding that it is reviewing Calip's report. The company is expected to address the security flaw and disclose specific details later.
Cybersecurity experts are worried about a "bugmageddon," in which the emergence of generative AI such as Mythos leads to an unprecedented surge in the discovery of security vulnerabilities. Earlier this year, Anthropic's Mythos found more than 100 high-risk vulnerabilities in the Firefox browser over a two-week period.
kaya@fnnews.com Choi Hye-rim Reporter