Critical macOS Vulnerability Allows Potential Root Access via Integer Overflow Exploit
May 23, 2026
The vulnerability stems from an integer overflow in the bounds check inside _zalloc_ro_mut, the sole writer to macOS's read-only (RO) zone. It lets an attacker-controlled write spill into neighboring RO-zone structures, such as a ucred's cr_uid field, and so potentially grant root access.
Defensive guidance emphasizes patching promptly, verifying builds via MDM, monitoring post-exploit activity (for example, unexpected root-like actions by processes), and maintaining defense-in-depth with endpoint logging, allow-listing, Lockdown Mode, and security profiles, while watching the upcoming Calif report for more techniques.
Apple’s Memory Integrity Enforcement (MIE) provides hardware-assisted kernel memory safety, but a three-person team demonstrated a bypass in five days by feeding memory-unsafe inputs to a trusted writer function.
Perspective on the patch: it fixes this specific bug yet leaves the broader class of RO-zone writer vulnerabilities open; future exploits may still emerge from other writers, underscoring the need for ongoing patch cadence and proactive defense.
Patch details: Apple mitigated the issue in macOS 26.5 by moving the overflow check earlier, adding a per-CPU RO-zone bound via TPIDR_EL1, and removing a useless stack-overlap check, thereby confining writes to per-CPU RO sub-zones and preventing end-wraps from bypassing the bounds.
The exploit chain relies on data-only techniques and abuse of an approved writer, with no triggering of EMTE, SPTM, or page-table protections since the vulnerability lies in a trusted writer’s logic.
Exploitation guidance for researchers: shift focus from pointer corruption to abuse of trusted writers; search for other RO-zone writers (e.g., _zalloc_ro_mut_atomic, codesigning-flag mutators, sandbox-slot updaters, AMFI writers, IPC rights updaters) and scrutinize their bounds-check order for similar flaws.
Impact spans M5/A19 Apple Silicon and older generations, with the specific bypass demonstrated on M5. Patches cover multiple OS versions (iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5) and related releases, while the broader RO-zone writer vulnerability class remains unaddressed.
Recommendation for Apple: implement per-CPU bounds for all RO-zone writers and introduce canaries between RO-zone slots to detect overflows before they spill into adjacent sensitive data.
Attack flow, as disclosed: exploit a public syscall (e.g., csops_audittoken or mac_set_*), feed a crafted usersize into _zalloc_ro_mut, push a wrapped end past pre-patch checks, spill into a neighboring RO-zone slot such as another ucred’s cr_uid, and escalate to root.
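As an added illustration, not code from the ironPeak post or from XNU, the following constructed C model shows the bug class described above and the ordering fix described under the patch details: the vulnerable check computes the write's end address first and is satisfied by a wrapped sum, while the hardened check rejects overflow before comparing and confines the write to a per-CPU sub-zone. All zone addresses, sizes and function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model: a read-only zone at [0x1000, 0x5000) split into four
 * per-CPU sub-zones of 0x1000 bytes. Names and layout are hypothetical and
 * are not XNU's _zalloc_ro_mut. */
#define NCPU 4
typedef struct { uintptr_t start, end; } ro_zone_t;
static const ro_zone_t ro_zone = { 0x1000, 0x5000 };
static const ro_zone_t cpu_zone[NCPU] = {
    { 0x1000, 0x2000 }, { 0x2000, 0x3000 }, { 0x3000, 0x4000 }, { 0x4000, 0x5000 },
};

/* Vulnerable ordering: the end address is computed before any overflow check.
 * A caller-controlled size that makes dst + size wrap yields a small `end`
 * that satisfies the upper-bound comparison, so the write is accepted. */
static bool ro_write_in_bounds_vuln(uintptr_t dst, size_t size)
{
    uintptr_t end = dst + size;              /* unsigned wrap is silent */
    return dst >= ro_zone.start && end <= ro_zone.end;
}

/* Hardened ordering, modelled on the described fix: reject overflow before
 * the sum is used, then bound the write to the current CPU's sub-zone so it
 * can never reach a neighbouring slot owned by another CPU. */
static bool ro_write_in_bounds_fixed(unsigned cpu, uintptr_t dst, size_t size)
{
    if (cpu >= NCPU)
        return false;
    if (dst + size < dst)                    /* overflow check comes first */
        return false;
    const ro_zone_t *z = &cpu_zone[cpu];
    if (dst < z->start || dst >= z->end)
        return false;
    return size <= z->end - dst;             /* remaining room, cannot wrap */
}

/* Constructed input: chosen so that 0x1800 + wrapping_size wraps to 0x100. */
static const size_t wrapping_size = (size_t)0 - 0x1700;
```

The vulnerable check accepts both the wrapped size at 0x1800 and a 0x200-byte write at 0x1f00 that crosses into the next sub-zone; the hardened check rejects both and still accepts a write that stays inside its own CPU's sub-zone.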
Summary based on 1 source
Source: ironPeak Blog, "Pardon MIE?"