Security Firm: Claude Mythos Discovers macOS Exploit
As part of "Project Glasswing", Anthropic is working with Apple to find security vulnerabilities. A security firm has now used the model for this purpose.
Apple Keyboard with Padlock: How Secure is macOS?
(Image: ArtVibe1 / Shutterstock)
The AI model Claude Mythos, launched amid great anticipation and hype and intended for finding security vulnerabilities as part of "Project Glasswing", has flagged issues in macOS. The findings came not from tests by Apple, however, but from an external security firm. The Palo Alto-based company Calif was reportedly able to use techniques suggested by an early version of Mythos to exploit "two bugs and a handful of techniques" to achieve memory corruption. Calif then achieved privilege escalation. It remains unclear how far attackers would have gotten with the exploit.
Visit to Cupertino
Details have not yet been published. However, Calif considers the problem so serious that company employees drove directly to Apple last Tuesday, the Wall Street Journal writes. The team handed over a 55-page report to Apple. This personal visit alone (or Apple's invitation to it) can be considered unusual. The security firm will only publish details once Apple has internally tested and implemented a patch. This will probably happen quite quickly, according to Thai Duong of Calif.
Apple told the Wall Street Journal that the company is now investigating the information provided. Security is a top priority, and potential vulnerabilities are taken very seriously. Ex-Google security researcher Michal Zalewski, who was able to examine the Calif exploit, stated that the technique used is remarkable, given how much effort Apple puts into protecting macOS. It is currently difficult to assess all of this from the outside because Calif has not even specified which system area the problems lie in. However, it is likely related to the new system protection Memory Integrity Enforcement (MIE), which enables significantly improved memory protection in newer Apple chips.
Apple also has access to Mythos
When Mythos was announced, Anthropic claimed to have discovered over 100 serious bugs in Firefox in a short period, many of which have already been fixed. As part of Project Glasswing, security researchers, including Calif, as well as major IT corporations like Apple itself, were granted access to the "cyber" capabilities of Mythos. A race has now broken out to see who can find the most bugs with the AI model.
However, Anthropic is not alone in this: OpenAI and Google are also working on corresponding models or have long been offering them. Furthermore, the Calif exploit could not have been developed by Mythos alone. Duong, the company's CEO, stated that the work would only have been possible with "very human cybersecurity expertise." Currently, Mythos primarily succeeds in reproducing already documented attacks. However, the exploit is now said to represent a new attack technique.
(bsc)