Security Experts:

Apple, Google Say Users Protected Against CIA Exploits

Apple and Google are confident that a majority of the vulnerabilities disclosed by WikiLeaks as part of the “Vault 7” release, which focuses on the hacking tools allegedly used by the U.S. Central Intelligence Agency (CIA), do not affect the latest versions of their products.

Microsoft is investigating the leaked documents, but it has yet to provide any specific information. Apple, on the other hand, said its initial analysis indicated that many of the issues mentioned in the Vault 7 leaks are patched in the latest version of its iOS operating system, and pointed out that nearly 80 percent of its customers are running the latest release.

Nevertheless, the company has promised to continue working on quickly addressing any identified flaws.

Google’s analysis is also ongoing, but the tech giant says it’s confident that the security updates and protections in Chrome and the Android operating system can shield users against many of the exploits.

The files released by WikiLeaks indicate that the CIA has had the tools and capabilities needed to hack any type of system, including mobile devices, desktop computers, networking equipment, and Internet of Things (IoT) devices.

Vulnerabilities affecting operating systems such as Android and iOS could have a critical impact as they can allow attackers to gain complete control of a device and access sensitive user information. Hackers can even obtain messages exchanged via secure applications such as Signal and Telegram without having to break their encryption.

Security firms have scrambled to assess the impact of the CIA hacking tools, but so far there is no evidence that the intelligence agency’s exploits are very sophisticated. A majority of the disclosed vulnerabilities have either been patched a long time ago, or they are considered low severity.

However, WikiLeaks has not released any of the actual exploits, making it difficult for vendors to assess the real impact. The whistleblower organization has considered providing more details to tech companies in order to allow them to fix the vulnerabilities faster.

The CIA has not commented on the authenticity of the leaked documents, but it pointed out that its mission is to collect foreign intelligence overseas in an effort to protect the U.S. from adversaries such as terrorists and hostile nation states. The CIA also noted that it is legally prohibited from spying on individuals in the United States. The agency accused WikiLeaks of jeopardizing U.S. personnel and operations.

Related: "Vault 7" Leak Shows CIA Learned From NSA Mistakes

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.