Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Apple, Google Say Users Protected Against CIA Exploits

Apple and Google are confident that a majority of the vulnerabilities disclosed by WikiLeaks as part of the “Vault 7” release, which focuses on the hacking tools allegedly used by the U.S. Central Intelligence Agency (CIA), do not affect the latest versions of their products.

Apple and Google are confident that a majority of the vulnerabilities disclosed by WikiLeaks as part of the “Vault 7” release, which focuses on the hacking tools allegedly used by the U.S. Central Intelligence Agency (CIA), do not affect the latest versions of their products.

Microsoft is investigating the leaked documents, but it has yet to provide any specific information. Apple, on the other hand, said its initial analysis indicated that many of the issues mentioned in the Vault 7 leaks are patched in the latest version of its iOS operating system, and pointed out that nearly 80 percent of its customers are running the latest release.

Nevertheless, the company has promised to continue working on quickly addressing any identified flaws.

Google’s analysis is also ongoing, but the tech giant says it’s confident that the security updates and protections in Chrome and the Android operating system can shield users against many of the exploits.

The files released by WikiLeaks indicate that the CIA has had the tools and capabilities needed to hack any type of system, including mobile devices, desktop computers, networking equipment, and Internet of Things (IoT) devices.

Vulnerabilities affecting operating systems such as Android and iOS could have a critical impact as they can allow attackers to gain complete control of a device and access sensitive user information. Hackers can even obtain messages exchanged via secure applications such as Signal and Telegram without having to break their encryption.

Security firms have scrambled to assess the impact of the CIA hacking tools, but so far there is no evidence that the intelligence agency’s exploits are very sophisticated. A majority of the disclosed vulnerabilities have either been patched a long time ago, or they are considered low severity.

However, WikiLeaks has not released any of the actual exploits, making it difficult for vendors to assess the real impact. The whistleblower organization has considered providing more details to tech companies in order to allow them to fix the vulnerabilities faster.

Advertisement. Scroll to continue reading.

The CIA has not commented on the authenticity of the leaked documents, but it pointed out that its mission is to collect foreign intelligence overseas in an effort to protect the U.S. from adversaries such as terrorists and hostile nation states. The CIA also noted that it is legally prohibited from spying on individuals in the United States. The agency accused WikiLeaks of jeopardizing U.S. personnel and operations.

Related: “Vault 7” Leak Shows CIA Learned From NSA Mistakes

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...