Apple: Mac, iPhone Bugs That CIA Allegedly Exploited Were Fixed Years Ago

New WikiLeaks data dump describes "Sonic Screwdriver," other CIA exploits for Mac desktops and iPhones

2 Min Read
Dark Reading logo in a gray background | Dark Reading

The Apple desktop and mobile product vulnerabilities that were revealed this week, in a WikiLeaks data dump of documents allegedly describing several secret CIA projects, were all fixed years ago, Apple said Friday.

The leaked information on the Apple vulnerabilities is from a larger collection of documents that WikiLeaks has dubbed "Vault 7," containing hitherto classified information on the CIA’s malware tools and hacking capabilities.

The documents show that the CIA’s Embedded Development Branch developed multiple techniques for breaking into Apple phones and desktops and gaining persistence on them.

One of the attacks was dubbed "Sonic Screwdriver" and was designed to let an attacker execute code on peripheral devices, like a USB stick, while a Mac laptop or desktop was booting. The method allowed an attacker to load attack software from a USB device even if a firmware password was enabled to prevent that from happening.

Another leaked document described an alleged CIA implant called “DarkSeaSkies" that was capable of persisting in the Extensible Firmware Interface (EFI) of an Apple MacBook Air system.

Also released this week was a document pertaining to Mac OS X malware developed by the CIA called Triton and an EFI-persistent version of the tool dubbed DerStarke. While some of the tools described in the dump date back to 2013, there is evidence that the CIA has continued to update and use some of the other tools, WikiLeaks claimed in a statement.

Included in the release are details of NightSkies 1.2, an implant for the Apple iPhone that was installed physically on new iPhones. The implant suggests the CIA infected the supply chain of its targets at least since 2008, the site claimed.

In a statement, Apple said the company’s preliminary assessment of the leaked documents shows that the alleged iPhone vulnerability that NightSkies exploited affected only the iPhone 3G and was fixed back in 2009 along with the release of the iPhone 3GS. “Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013,” the statement said.

As per its usual practice, WikiLeaks has not revealed how it obtained the Vault 7 documents. It has described the documents containing information on the CIA’s entire hacking arsenal. Many security experts believe an insider or insiders with privileged access to the documents provided them to WikiLeaks.

Related stories:

 

About the Author

Jai Vijayan, Contributing Writer

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights