Calif, a security research team, on their blog:
Many security experts consider Apple devices to be the most secure
consumer platform. The latest flagship example is MIE (Memory
Integrity Enforcement), Apple’s hardware-assisted memory safety
system built around ARM’s MTE (Memory Tagging Extension). It was
introduced as the marquee security feature for the Apple M5 and
A19, specifically designed to stop memory corruption exploits, the
vulnerability class behind many of the most sophisticated
compromises on iOS and macOS. […]

Our macOS attack path was actually an accidental discovery. Bruce
Dang found the bugs on April 25th. Dion Blazakis joined Calif on
April 27th. Josh Maine built the tooling, and by May 1st we had a
working exploit.

We didn’t build the chain alone. Mythos Preview helped identify
the bugs and assisted throughout exploit development. […] To the
best of our knowledge, this is the first public macOS kernel
exploit on MIE hardware. Again, we’ll publish our 55-page report
after Apple ships a fix.
The Wall Street Journal ran a story on Calif’s announcement today that was heavy on hyperbole and extraordinarily light on technical details. Unsurprisingly, the team’s own blog post was much more informative and interesting. The achievement here is circumventing MIE.
