Yesterday, WikiLeaks stunned the world by publishing a cache of 8,761 secret documents detailing dirty tactics that organizations like the CIA leverage in order to hack not just iOS and Android devices, but also computers, routers and televisions. In a statement issued to news outlets like TechCrunch, and subsequently posted to Twitter by BuzzFeed’s John Paczkowski, a company spokesperson confirmed that Apple had already patched many of the fourteen exploits mentioned in the WikiLeaks dump, codenamed “Vault 7”.
Here’s Apple’s statement in full:
Apple is deeply committed to safeguarding our customers’ privacy and security. The technology built into today’s iPhone represents the best data security available to consumers, and we’re constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system.
While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates.
The leak proves what we’ve already known or suspected thus far—that the CIA both buys zero-day exploits to breach iPhones and iPads on the open market as well as develops their own exploits in-house. For the sake of completeness, zero day exploits are commonly unknown to Apple and the security community at large.
While it targets other platforms, including Android, Windows PCs, routers and Samsung Smart TVs, global elites’ love of iPhone has made iOS a prime target of the CIA. Compromised devices are said to be able to track users’ conversations, texts, geolocations and do nefarious things like remotely turn on the camera and microphone.
The leaked documents include a section titled “iOS Triage Process” which details a step-by-step process for breaking into a new version of iOS using tools like Saline, Adderall and Nightvision. According to the documents, Adderall is capable pull IPSW files and kernel cache from devices while NightVision can read kernel memory and get/put files as .tbz archives.
The CIA apparently has a team of more than 5,000 hackers working in its specially formed Mobile Development Branch unit on exploits to infect smartphones and other devices. These documents allegedly originate from the CIA’s Center for Cyber Intelligence.
To protect yourself from attacks, it’s always a good idea to keep your devices up to date. Besides, stay away from shady apps that may contain malware and avoid becoming a CIA target.