As part of WikiLeaks’ “Vault 7” releases detailing various CIA-developed exploits targeting computers and mobile devices, the non-profit organization today shared a pair of new exploits, called “Achilles” and “SeaPea” and developed under the code-name “Imperial”.
Both exploits were tested on older Macs running OS X Snow Leopard and Lion.
The “Achilles” exploit lets an attacker inject code into disk image (.DMG) installer files commonly used on Macs. As a result, an unsuspecting user could download an infected disk image on their Mac, open it and install the software without being aware of the attack.
The first time the newly installed app is launched, the CIA’s code would run as well. The injected code is then securely removed from the installed app so that it would “exactly resemble” the original app, making it hard if not impossible for antivirus software to detect any changes.
The “SeaPea” exploit, described as a rootkit for OS X, gives a CIA operator stealth and tool-launching capabilities by hiding important processes and socket connections from the user.
It requires root access to be installed on a target Mac and cannot be removed unless the startup disk is erased or the computer is upgraded to the next major OS version.
Both exploits were tested on OS X Lion and Snow Leopard, which are older versions of OS X released years ago. It’s unclear if Apple has patched the vulnerabilities because the company has not commented on the latest CIA exploits.
In the past, Apple patched published CIA exploits within days.