Calif, a security research team, on their blog:

Many security experts consider Apple devices to be the most secure consumer platform. The latest flagship example is MIE (Memory Integrity Enforcement), Apple’s hardware-assisted memory safety system built around ARM’s MTE (Memory Tagging Extension). It was introduced as the marquee security feature for the Apple M5 and A19, specifically designed to stop memory corruption exploits, the vulnerability class behind many of the most sophisticated compromises on iOS and macOS. [...]

Our macOS attack path was actually an accidental discovery. Bruce Dang found the bugs on April 25th. Dion Blazakis joined Calif on April 27th. Josh Maine built the tooling, and by May 1st we had a working exploit.

We didn’t build the chain alone. Mythos Preview helped identify the bugs and assisted throughout exploit development. [...] To the best of our knowledge, this is the first public macOS kernel exploit on MIE hardware. Again, we’ll publish our 55-page report after Apple ships a fix.

The Wall Street Journal ran a story on Calif’s announcement today that was heavy on hyperbole and extraordinarily light on technical details. Unsurprisingly, the team’s own blog post was much more informative and interesting. The achievement here is circumventing MIE.

Paresh Dave, Lauren Goode, Steven Levy, and Zoë Schiffer, reporting for Wired (News+ link):

As Meta employees brace for layoffs next Wednesday, May 20, many say the vibes are horrifically, historically low. “Everyone is unhappy; the only people who are not unhappy are, literally, executives,” says an employee who works on Instagram.

I’ve never heard of a company bracing for layoffs where the morale was good. But this Wired report — with some all-star bylines — paints a particularly dark picture of the mood in Menlo Park:

“I don’t know anyone having a good time,” says a policy staffer. “The vibe is a bit ‘over it’ — lack of connection to the mission, upcoming layoffs, American employees being used to train the AI models that will replace them.”

Anyone who can afford to leave is hoping to be laid off and receive the 16 weeks minimum of severance and 18 months of paid health care that come with it, several people say. As the Instagram employee put it, “Everyone is just like, do it now, jesus fucking christ.” Only the individuals with the best pay packages and involved in the core development of AI seem to be thriving, a longtime senior leader at Meta says.

Regarding the new employee surveillance tracking software:

Opting out is not possible, according to three employees. “Nobody is happy about it,” says a current employee. “And we have no choice.” Some employees claim they have found workarounds to dodge tracking or have managed to delay installation.

The software, known as Model Capability Initiative, or MCI, suddenly turned people across the company into privacy zealots, a legal staffer says. When employees protested the rollout in internal messages, including by referencing Meta’s history of user data breaches, chief technology officer Andrew Bosworth “belittled and berated” the dissenters, one veteran employee says and another confirms. “These billionaires can’t even feign empathy,” the first person says. “The social contract is completely shattered at this point.”

Unanswered remains my question from earlier this week: is MCI installed on Bosworth’s computer too? (And Zuck’s?)

Geoffrey Fowler, on his blog, which, alas, he calls “a Substack”:

I’m joining the Youth AI Safety Institute as its first new employee. It’s a research and testing organization launching today under the umbrella of children’s nonprofit Common Sense Media. Backed by a $20 million annual budget, the Institute aims to do something that doesn’t really exist yet: systematically test the AI products kids use, set safety standards, and publicly hold tech companies accountable for meeting them. Think crash test dummies for AI.

On the surface this sounds like a great idea, and Fowler does have a strong background in consumer-oriented product reviews.

My title is Head of Public Engagement — a kind of editor-at-large. I’ll work alongside researchers, computer scientists, pediatricians, clinical psychologists and educators to investigate what happens when kids use AI products, including chatbots, games, educational apps, furry AI toys and whatever comes next. My job is to help turn those findings into something families, educators, policymakers and tech leaders can use.

“We safety-test kids’ PJs. Why not their AI?” says my new colleague at Common Sense, Bruce Reed, who helped craft the Biden White House’s groundbreaking 2023 AI Executive Order.

What exactly did Biden’s AI Executive Order accomplish? As far as I know, absolutely nothing.

Some tech power players, including Anthropic and the OpenAI Foundation, have joined a consortium of foundations and private donors funding the Institute’s work. They get no say over what we publish. (And in my time at The Washington Post, I didn’t let Jeff Bezos’ ownership of the newspaper affect my criticism of Amazon.)

I’m not sure I’ve ever in my life used the phrase “Good luck with that” non-sarcastically, but in this case I mean it: good luck with that. I hope it works out, and someone has to pay the bills (and salaries). But color me skeptical about the foxes funding the henhouse inspectors.

Owen Scott, reporting for The Independent:

The list of tech and financial industry titans joining the commander-in-chief during his summit with China’s president Xi Jinping includes Elon Musk, BlackRock CEO Larry Fink, and Apple CEO Tim Cook. [...]

Trump earlier confirmed a number of high-profile attendees in a lengthy post on Truth Social, albeit referring to Cook as “Tim Apple” in the process.

While he’s in such a jocular nickname-y mood, he should drop a reference to Winnie the Pooh into some of these posts on his blog.

Antonio G. Di Benedetto, reporting for The Verge (gift link):

Google is announcing a new line of laptops coming in the fall called Googlebooks. Details are sparse for now, as the tease is just a small part of various Android announcements during Google’s Android Show. But we do know this is a major new initiative in the laptop space for Google, seemingly designed to succeed Chromebooks with something more capable: a platform running a long-rumored new operating system based on a fusion of Android and ChromeOS.

While there are many outstanding questions to be answered about Googlebooks, the biggest and most obvious ones are what will these laptops look like, what chips will be in them, and what will they cost? We’ve got none of that so far. Google only has some initial renders of a mysterious Googlebook and the promise that it’s working with Acer, Asus, Dell, HP, and Lenovo to make the first models. There are no model names. No specs. Nada. Google isn’t even saying if the laptop in its renders is made by a partner or a tease of some first-party Pixel-like Googlebook to come or is just a cool mockup.

This is so light on details that I was hesitant to even link to it yet. (Di Benedetto is skeptical as well.) But this caught my attention:

Googlebooks will have a Magic Pointer feature that offers contextual suggestions whenever you shake your cursor and point it at something on the screen. Google’s examples include setting up a meeting by pointing at a date in an email or selecting images of furniture and a living space to visualize them together.

Shaking your cursor over something is an interesting gesture. The only feature I’m aware of that uses that gesture is MacOS’s feature that makes your cursor bigger when you shake it, to help spot it on the display. It seems a bit silly to me — why not just add the “Magic” features to a contextual menu? But, then again, here we are in 2026 and the standard gesture to invoke the Undo command on iOS is to shake your whole iPhone like a maraca.