Apple: Mac, iPhone Bugs That CIA Allegedly Exploited Were Fixed Years Ago

  /     /     /  
Publicated : 22/11/2024   Category : security


Apple: Mac, iPhone Bugs That CIA Allegedly Exploited Were Fixed Years Ago


New WikiLeaks data dump describes Sonic Screwdriver, other CIA exploits for Mac desktops and iPhones



The Apple desktop and mobile product vulnerabilities that were revealed this week, in a WikiLeaks data dump of documents allegedly describing several secret CIA projects, were all fixed years ago, Apple said Friday.
The leaked information on the Apple vulnerabilities is from a larger collection of documents that WikiLeaks has dubbed Vault 7, containing hitherto classified information on the CIA’s malware tools and hacking capabilities.
The documents show that the CIA’s Embedded Development Branch developed multiple techniques for breaking into Apple phones and desktops and gaining persistence on them.
One of the attacks was dubbed Sonic Screwdriver and was designed to let an attacker execute code on peripheral devices, like a USB stick, while a Mac laptop or desktop was booting. The method allowed an attacker to load attack software from a USB device even if a firmware password was enabled to prevent that from happening.
Another leaked document described an alleged CIA implant called “DarkSeaSkies that was capable of persisting in the Extensible Firmware Interface (EFI) of an Apple MacBook Air system.
Also released this week was a document pertaining to Mac OS X malware developed by the CIA called Triton and an EFI-persistent version of the tool dubbed DerStarke. While some of the tools described in the dump date back to 2013, there is evidence that the CIA has continued to update and use some of the other tools, WikiLeaks claimed in a statement.
Included in the release are details of NightSkies 1.2, an implant for the Apple iPhone that was installed physically on new iPhones. The implant suggests the CIA infected the supply chain of its targets at least since 2008, the site claimed.
In a statement, Apple said the company’s preliminary assessment of the leaked documents shows that the alleged iPhone vulnerability that NightSkies exploited affected only the iPhone 3G and was fixed back in 2009 along with the release of the iPhone 3GS. “Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013,” the statement said.
As per its usual practice, WikiLeaks has not revealed how it obtained the Vault 7 documents. It has described the documents containing information on the CIA’s entire hacking arsenal. Many security experts believe an insider or insiders with privileged access to the documents provided them to WikiLeaks.
Related stories:
Entire Hacking Capacity Of CIA Dumped On Wikileaks, Site Claims
What Businesses Can Learn From the CIA Data Breach
Stockpiling 0-Day Bugs Not So Dangerous After All, RAND Study Shows
 

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Apple: Mac, iPhone Bugs That CIA Allegedly Exploited Were Fixed Years Ago