OBLAIDISH NEWS

First public kernel memory corruption exploit released for Apple M5

A public exploit targeting a kernel memory corruption flaw in Apple's M5 chip has been released, exposing unpatched vulnerabilities in the latest Macs.

The first public exploit for a macOS kernel memory corruption vulnerability on Apple's M5 chip has been released [Calif.io Blog]. It targets a flaw that allows arbitrary code execution with kernel privileges, affecting all Macs powered by the M5.

The exploit leverages a use-after-free condition in the kernel's IOKit framework, specifically within the AppleAVE driver responsible for video encoding and decoding [Calif.io Blog]. The flaw arises when a kernel object is freed and later accessed again through a stale reference, letting an attacker manipulate kernel memory. The vulnerability persists across all current macOS versions running on M5 hardware.

Apple has not yet issued a patch. Devices remain exposed until an update is deployed, leaving users reliant on mitigations like runtime monitoring and restricted execution environments.

This is the first publicly demonstrated kernel-level exploit for the M5, indicating that even Apple’s latest silicon is not inherently immune to deep system flaws. The release serves both as a warning and a tool: offensive researchers can study the technique, while defenders must now account for real-world exploitation of this class of bug in Apple’s ARM64 environment.

The disclosure follows responsible timelines, with the researcher providing technical details only after confirming Apple had not patched the issue. Unlike speculative attacks, this exploit has been demonstrated in practice, raising immediate concerns for enterprise and high-risk users.
