
Apple responds to latest WikiLeaks CIA document dump, says iPhone and Mac exploits fixed

Apple issued a statement in response to Thursday's WikiLeaks release of CIA-gathered iPhone and Mac exploits, saying a preliminary assessment reveals the vulnerabilities to be years old and long since patched.

In a statement furnished to TechCrunch, Apple says an iPhone exploit detailed in the purported CIA documents impacts iPhone 3G, a device released in 2008. Apple fixed the security hole that same year. Mac vulnerabilities appear to be more recent, dating back to 2013, but have also been fixed.

We have preliminarily assessed the WikiLeaks disclosures from this morning. Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released. Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013.

We have not negotiated with Wikileaks for any information. We have given them instructions to submit any information they wish through our normal process under our standard terms. Thus far, we have not received any information from them that isn't in the public domain. We are tireless defenders of our users' security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users.

As AppleInsider reported earlier today, the WikiLeaks documents detailing Apple-specific attack vectors are years old and of limited use to would-be hackers.

For example, an exploit dubbed "DarkSeaSkies" targets MacBook Air and inserts an EFI routine called "DarkMatter" that subsequently installs software containing a kernel attack and the "NightSkies" malware and keylogging package.

DarkSeaSkies is delivered via USB and takes advantage of a Thunderbolt exploit discovered in 2014, meaning physical access to a target device is required for the technique to work. Apple later issued a patch for the vulnerability in 2015.

As for the supposed iPhone 3G intrusion, the method outlined in today's files relies on an offshoot of "NightSkies." As Apple notes, however, that hole has been plugged for some 8 years.

Today's WikiLeaks dump is part of the so-called "Vault 7" document stash. Initial disclosures were leaked earlier this month and detail a number of exploits affecting a wide range of hardware platforms.

The first document hoard contained thousands of files and revealed 14 iOS intrusion methods ranging from basic surveillance to remote device command and control. Like today's release, Apple analyzed the previous batch of exploits and confirmed "many" had already been patched.



8 Comments

SpamSandwich 19 Years · 32917 comments

Interesting that such old hacks are being revealed now. 

robertwalter 9 Years · 276 comments

Apple also seemed to indicate that it wasn't pursuing getting the WikiLeaks doc dump because it was stolen.

IIRC the dumps til now were said to be a small percentage of Vault cache. 

If true, Apple is flipping the bird at getting rest of dump if not already in public domain. 

The Vault contents could already be in the possession of black hats. Apple's statement is high minded but seems to trade risk for ideological purity. 

Couldn't Apple seek permission from a federal judge to accept dump docs? Possibly leveraging its news organization, or in a JV with NYT or WAPO or Walt Mossberg, to receive docs with 1st Amdt protections? Then Apple staffs as consultants to writer could analyze and plug holes before article is published.

robertwalter 9 Years · 276 comments

Interesting that such old hacks are being revealed now. 

Hopefully all hacks are equally old; even so, of the known hacks, it seems Macs older than 2012-ish have unfixable vulnerabilities. 

abracadabra 16 Years · 46 comments

The vulnerabilities are "alleged" even if we fixed them. So our fixes could also be called "alleged" by extension. Our lawyers tell us to use "alleged" in every sentence because it is so much cooler and they need to earn their living.