Apple issued a statement in response to Thursday's WikiLeaks release of CIA-gathered iPhone and Mac exploits, saying a preliminary assessment reveals the vulnerabilities to be years old and long since patched.
In a statement furnished to TechCrunch, Apple says an iPhone exploit detailed in the purported CIA documents impacts iPhone 3G, a device released in 2008. Apple fixed the security hole that same year. Mac vulnerabilities appear to be more recent, dating back to 2013, but have also been fixed.
"We have preliminarily assessed the WikiLeaks disclosures from this morning. Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released. Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013.
"We have not negotiated with Wikileaks for any information. We have given them instructions to submit any information they wish through our normal process under our standard terms. Thus far, we have not received any information from them that isn't in the public domain. We are tireless defenders of our users' security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users."
As AppleInsider reported earlier today, the WikiLeaks documents detailing Apple-specific attack vectors are years old and of limited use to would-be hackers.
For example, an exploit dubbed "DarkSeaSkies" targets MacBook Air and inserts an EFI routine called "DarkMatter" that subsequently installs software containing a kernel attack and the "NightSkies" malware and keylogging package.
DarkSeaSkies is delivered via USB and takes advantage of a Thunderbolt exploit discovered in 2014, meaning physical access to a target device is required for the technique to work. Apple later issued a patch for the vulnerability in 2015.
As for the supposed iPhone 3G intrusion, the method outlined in today's files relies on an offshoot of "NightSkies." As Apple notes, however, that hole has been plugged for some 8 years.
Today's WikiLeaks dump is part of the so-called "Vault 7" document stash. Initial disclosures were leaked earlier this month and detail a number of exploits affecting a wide range of hardware platforms.