Apple said yesterday that “many” CIA exploits revealed in WikiLeaks’ dump codenamed “Vault 7” are already patched in the latest version of iOS. As for the remaining exploits, Apple engineers are working to address them as well, according to The Wall Street Journal on Thursday.
A person familiar with the situation told the paper that Apple engineers have been coordinating the company’s response to this new security threat.
There’s just one “minor” problem: the 8,761 documents in the WikiLeaks dump reportedly amount to just one percent of the the material the non-profit organization holds. “If it is the case that they have so much more, that, I think, will have a lot of people quite nervous,” said Thomas Rid, a professor of security studies with King’s College London.
“While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue to work rapidly address any identified vulnerabilities,” Apple said in Tuesday.
WikiLeaks earlier this week published documents, purportedly taken from the CIA, describing the spy agency’s tactics and intrusion capabilities for computers and other gadgets like routers, televisions and mobile devices, including iPhones and iPads.
Companies like Apple, Google, Microsoft and others affected by the leak believe that at least two organizations have access to hacking code that exploits their products, the CIA and WikiLeaks. The problem is, neither one is sharing this software, making it difficult for technology giants to fix any potential exploits.
consideration for those writing about CIA leaks: you may want to see what those who work in infosec are saying instead of sensationalizing.
— Will Strafach (@chronic) March 9, 2017
Networking equipment maker Cisco, for example, said that without more information on the exact tools and malware involved, the scope of action that can be taken is “limited.” For what it’s worth, iOS hacker Will Strafach aka Chronic said that by definition, any jailbreakable devices will be exploitable.
He called the latest Wall Street Journal report “incredibly misleading” and explained to BGR that nothing in the CIA dump threatens up-to-date iPhones and iPads so consider sending this to anyone asking if they should worry.
“We always urge customers to download the latest iOS to make sure they have the most recent security updates,” Apple said two days ago.
Source: The Wall Street Journal