Claude AI Finds Bugs In Microsoft CTO's 40-Year-Old Apple II Code

Source: Slashdot

Background

In May 1986, Microsoft Azure CTO Mark Russinovich wrote a utility called Enhancer for the Apple II personal computer. The utility, written in 6502 machine language, added the ability to use a variable or BASIC expression for the destination of a GOTO, GOSUB, or RESTORE command, whereas unmodified Applesoft BASIC would only accept a line number.

AI Analysis

Russinovich used Claude Opus 4.6 (released early last month) to examine the Enhancer source code. The AI decompiled the machine‑language program and identified several security issues, including a case of “silent incorrect behavior.” When the destination line was not found, the program would set the pointer to the following line or past the end of the program instead of reporting an error. The suggested fix is to check the carry flag (set when the line is not found) and branch to an error handler.

Implications

Russinovich noted that while the vulnerability in this Apple II type‑in code is of limited practical concern, the ability of AI to decompile embedded code and uncover flaws is significant. As one commenter put it, “Billions of legacy microcontrollers exist globally, many likely running fragile or poorly audited firmware like this.” This highlights the emerging era of automated, AI‑accelerated vulnerability discovery that could be leveraged by both defenders and attackers.