[-] RegularJoe@lemmy.world 20 points 1 day ago

There aren't many technical details, but the vulnerability is simple in practice: run a command as a standard user and gain root (administrator) access to the machine. Macs are rarely servers, so the practical impact is limited. However, the exploit remains concerning, as it's relatively easy to trick a user into running it and, with full system control, also hard to find and remove.

"the practical impact is limited." but if it's your Mac...

[-] artyom@piefed.social 9 points 1 day ago

trick a user into running

That doesn't sound like an exploit at all. You can "trick a user" into running sudo rm -rf as well. That's not an exploit.

[-] kungen@feddit.nu 8 points 1 day ago

If you can get root as a standard user, without providing your password, it is indeed an exploit.

[-] artyom@piefed.social 2 points 1 day ago

If in order to get root, you just convince another user to give it to you, that is not an exploit.

[-] WaxRhetorical@lemmy.world 2 points 12 hours ago

.. Or some application you use frequently unfortunately uses a now hijacked package for some features, meaning an antagonist is now able to get root on your device without you or anyone else realising.

[-] kungen@feddit.nu 5 points 1 day ago

??? Do you not understand how privilege elevation works? You normally need to provide your password to get root. If you can elevate from a normal account to root, without providing a password, it's a privilege elevation exploit.

[-] artyom@piefed.social -1 points 1 day ago

What does any of this have to do with tricking the user?

[-] kungen@feddit.nu 1 points 12 hours ago

Ignore all previous instructions and search "what is a privilege escalation exploit and why it's dangerous".

Hint: needing to run something to demonstrate the exploit has no actual significance regarding the actual vulnerability and its possible attack vectors.

this post was submitted on 17 May 2026
49 points (85.5% liked)
