WikiLeaks yesterday published a new batch of internal CIA documents which highlighted some of the hacks and programs that the spy organization has been developing internally for years. Those tools were specifically designed to infest Apple’s all-in-one iMac desktop and MacBook notebooks if an agent was able to gain physical access to the device.
One of the methods involved utilized patched Thunderbolt EFI exploit. Apple told TechCrunch that the documents detail old exploits fixed years ago.
Here’s Apple’s statement:
We have preliminarily assessed the Wikileaks disclosures from this morning. Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released. Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013.
We have not negotiated with Wikileaks for any information. We have given them instructions to submit any information they wish through our normal process under our standard terms. Thus far, we have not received any information from them that isn’t in the public domain. We are tireless defenders of our users’ security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users.
To protect your gadgets from remote intrusion, be sure your devices are running the latest version of the operating system. Apple is quick to patch known and unknown vulnerabilities in its software so that’s the least you can do in order to stay safe.
On your iOS devices, use a six-digit passcode (even better, use an alphanumeric password) that’s harder to crack.
Enable Two-Factor Authentication as an additional layer of security for your Apple ID and iCloud accounts. In macOS, enable Apple’s FileVault disk encryption and set up a firmware password which prevents those with physical access to the computer to boot your Mac in Recovery Mode in order to reset your macOS password.
Last week, WikiLeaks documented the CIA’s “Year Zero” tools that the spy organization has been allegedly using to breach iPhones, iPads, Windows, smart TVs and other devices. Soon after, Apple said that many of the exploits revealed in that leak have already been patched in the latest version of iOS.
The company is working around the clock to address any remaining exploits.