Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Apple, Google Say Users Protected Against CIA Exploits

Apple and Google are confident that a majority of the vulnerabilities disclosed by WikiLeaks as part of the “Vault 7” release, which focuses on the hacking tools allegedly used by the U.S. Central Intelligence Agency (CIA), do not affect the latest versions of their products.

Apple and Google are confident that a majority of the vulnerabilities disclosed by WikiLeaks as part of the “Vault 7” release, which focuses on the hacking tools allegedly used by the U.S. Central Intelligence Agency (CIA), do not affect the latest versions of their products.

Microsoft is investigating the leaked documents, but it has yet to provide any specific information. Apple, on the other hand, said its initial analysis indicated that many of the issues mentioned in the Vault 7 leaks are patched in the latest version of its iOS operating system, and pointed out that nearly 80 percent of its customers are running the latest release.

Nevertheless, the company has promised to continue working on quickly addressing any identified flaws.

Google’s analysis is also ongoing, but the tech giant says it’s confident that the security updates and protections in Chrome and the Android operating system can shield users against many of the exploits.

The files released by WikiLeaks indicate that the CIA has had the tools and capabilities needed to hack any type of system, including mobile devices, desktop computers, networking equipment, and Internet of Things (IoT) devices.

Vulnerabilities affecting operating systems such as Android and iOS could have a critical impact as they can allow attackers to gain complete control of a device and access sensitive user information. Hackers can even obtain messages exchanged via secure applications such as Signal and Telegram without having to break their encryption.

Security firms have scrambled to assess the impact of the CIA hacking tools, but so far there is no evidence that the intelligence agency’s exploits are very sophisticated. A majority of the disclosed vulnerabilities have either been patched a long time ago, or they are considered low severity.

However, WikiLeaks has not released any of the actual exploits, making it difficult for vendors to assess the real impact. The whistleblower organization has considered providing more details to tech companies in order to allow them to fix the vulnerabilities faster.

The CIA has not commented on the authenticity of the leaked documents, but it pointed out that its mission is to collect foreign intelligence overseas in an effort to protect the U.S. from adversaries such as terrorists and hostile nation states. The CIA also noted that it is legally prohibited from spying on individuals in the United States. The agency accused WikiLeaks of jeopardizing U.S. personnel and operations.

Related: “Vault 7” Leak Shows CIA Learned From NSA Mistakes

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.