“Apple issued a strong statement on Friday after Wikileaks released a handful of documents about Central Intelligence Agency (CIA) malware for iPhones and Macs, saying it was all old material that the Cupertino giant had addressed,” Thomas Fox-Brewster reports for Forbes. “But it also issued the toughest statement yet from a tech firm on Wikileaks’ demands about how they address the vulnerabilities it claims to have exposed, saying it hadn’t negotiated with Julian Assange’s organization.”
“After a preliminary assessment of the Dark Matter release from Thursday morning, Apple said the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released in 2008,” Fox-Brewster reports. “‘Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013,’ a spokesperson said… ‘We have not negotiated with Wikileaks for any information. We have given them instructions to submit any information they wish through our normal process under our standard terms,’ the spokesperson added… Thus far, we have not received any information from them that isn’t in the public domain. We are tireless defenders of our users’ security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users.'”
Fox-Brewster reports, “Wikileaks wasn’t impressed with Apple’s response.”
Apple's claim that it has "fixed" all "vulnerabilities" described in DARKMATTER is duplicitous. EFI is a systemic problem, not a zero-day.
— WikiLeaks (@wikileaks) March 24, 2017
Read more in the full article here.
MacDailyNews Take: Note that, as with the iPhone, the Mac exploits revealed by Wikileaks require physical access.
SEE ALSO:
New WikiLeaks’ Vault 7 data dump shows the CIA’s Mac firmware attacks – March 23, 2017
New WikiLeaks Vault 7 ‘Dark Matter’ leak claims CIA bugs ‘factory fresh’ iPhones, infects Mac firmware – March 23, 2017
“MacDailyNews Take: Note that, as with the iPhone, the Mac exploits revealed by Wikileaks require physical access.”
True. However, unfortunately it seems in at least some cases (if not many) to have already occurred in the supply chain before even making it to the end customer….
Apple closed the ability of anything coming through the Thunderbolt port to amend the EFI and Firmware last year. That strikes me as addressing the vulnerability described in the Wikileaks exploit where the CIA’s physical access and a dongle plug in changes the boot sequence to add their spyware is the modality of compromising the computer. That means that Apple has indeed already addressed the vulnerability in amending the Firmware via port access by peripherals (Thunderbolt to Ethernet adaptor) that Wikileaks is referring to. Apple pushed out the updated that fixed this last year.
For the iPhones, the 2008 documents is referring to iPhones that were basically totally unprotected to the type of attack outlined. It would work on models up through Apple’s changes that have been made starting with the addition of the Secure Enclave. That makes the approach that is described a non-starter for modern iPhones and iPads. There is nothing described in what has been released that appears would work with modern iOS devices. We are talking NINE YEAR OLD documents. . . and the assumption that they’ve been updated to include modern iOS devices with ZERO evidence in what has been released. That same level of evidence of iPhone invasion was released by Edward Snowden three years ago or so, using the SAME physical access methodology, i.e. intercept the iPhone before it is delivered or surreptitiously access the owner’s iPhone, and install spyware that will allow monitoring of conversations, email, and messaging. This is OLD NEWS.
Normally an OS upgrade does not also reflash the firmware as far as I know. Perhaps Apple has released some firmware update tool/SW that users had to download and apply? If that hasn’t happened doesn’t it also mean that Macs prior to the firmware fix are still vulnerable to the Thunderbolt dongle exploit?
I did not say that Apple does it regularly. But Apple did fix the problem with the port problem last year by pushing out a fix. . . and Apple has sent out firmware updates before, sometimes for specific models, sometimes for all Macs or iPhones.
Ah, good the fix went out. Was it something the user had to apply or did it just get applied the next time they connected to Apple or the Internet? If the former, there may still be Macs out there vulnerable to the exploit.
Well said Apple, keep being vigilant against those threats against personal privacy.
3G iPhone isn’t even running the latest IOS so whatever issues it has really doesn’t matter anymore anyways. Latest IOS it maybe able to run is IOS 5. Wiki is worrying about ancient technology.
Wikileaks isn’t worrying about anything for us. They are a political organization that has recently been aligning with Russian propaganda and fighting to stay relevant in the news.
Absolutely. Like the American president, WikiLeaks is a tool in Putin’s Active Measures arsenal.
That’s what happens when you steal information from the CIA that is not relevant to the real world. Holding back information so you can continue to deliver gotchya’s for years doesn’t work so well in the computer era, your information quickly becomes a historical click on someone’s history website.
Wait, Wiki leaks and their lying bastard leader Assange, a sworn enemy of the United States and world class child molester is calling someone else duplicitous. Wow! I think Assange should do the honorable thing and turn himself in so that he can get the fair trial he would not give anyone else.
LOL – so much absolutely wrong in a single post.
Oh, wait, maybe Assange leaves his hideout regularly to physically mess with everyone’s Macs or iPhones.
Does this mean that 2013 Macs and older still have this vulnerability? Sierra is supported as far back as late 2009 iMacs, right? Please advise.