SecurityWeek

Apple: CIA’s Mac, iPhone Vulnerabilities Already Patched

Apple Tells WikiLeaks to Submit CIA Exploits Through Normal Process

Apple’s initial analysis of the iPhone and Mac exploits disclosed by WikiLeaks on Thursday shows that the vulnerabilities they use have already been patched. The company told WikiLeaks to send the information it possesses through the regular submission process.

WikiLeaks’ second “Vault 7” dump, dubbed by the organization “Dark Matter,” includes documents describing tools allegedly used by the U.S. Central Intelligence Agency (CIA) to spy on iPhones and Mac computers. However, installing the implants requires physical access to the targeted device.

The documents are dated 2008, 2009 and 2012, but WikiLeaks claims it has information that the CIA has continued to work on these tools. Apple has conducted a preliminary assessment of the latest WikiLeaks disclosure and determined that the vulnerabilities described in the documents were patched years ago.

“Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released. Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013,” Apple told SecurityWeek.

Apple’s analysis of the first Vault 7 leak also showed that many of the disclosed iOS exploits had already been patched in the latest version of the mobile operating system.

The tools described in the Dark Matter leak include Sonic Screwdriver, which is designed to allow code execution on a Mac laptop with password-protected firmware via an exploit stored on a Thunderbolt-to-Ethernet adapter.

The DarkSeaSkies implant is designed for targeting the EFI on MacBook Air computers, while NightSkies can be used to steal data from iPhones.

The documents show that the exploits can be delivered either via a supply chain intercept or by giving the manipulated device to the target as a gift. However, some believe the claims made by WikiLeaks regarding supply chain interception are misleading.

Apple has not negotiated with WikiLeaks

WikiLeaks has not made public any of the actual exploits, but it has promised to share them with affected tech companies. However, the whistleblower organization wants these companies to meet certain conditions, including a promise to patch the vulnerabilities within 90 days.

While Mozilla has accepted WikiLeaks’ offer, it appears Google, Apple and other companies are not eager to cooperate, which WikiLeaks has blamed on “conflicts of interest due to their classified work for U.S. government agencies.” Apple said it had not negotiated with WikiLeaks for any information.

“We have given them instructions to submit any information they wish through our normal process under our standard terms,” Apple said in its statement. “Thus far, we have not received any information from them that isn’t in the public domain. We are tireless defenders of our users’ security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users.”

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
