Apple: Many of the iOS vulnerabilities in Wikileaks’ CIA data dump are already patched

“Wikileaks today published a trove of documents, allegedly taken from the CIA, that detail the government’s efforts to hack popular devices like iPhones, Android phones, and Samsung smart TVs,” Kate Conger reports for TechCrunch. “But Apple is pushing back against claims that the CIA’s hoarded vulnerabilities for its devices were effective.”

“Apple says that many of the iOS exploits in the Wikileaks dump have already been patched and it is working to address any new vulnerabilities,” Conger reports. “‘Apple is deeply committed to safeguarding our customers’ privacy and security. The technology built into today’s iPhone represents the best data security available to consumers, and we’re constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates,’ an Apple spokesperson said in a statement to TechCrunch.”

Read more in the full article here.

MacDailyNews Take: Great! So, what about macOS, Apple?

SEE ALSO:
WikiLeaks reveals CIA’s global covert hacking program targeting Apple iPhone, Google Android, Microsoft Windows and even Samsung TVs – March 7, 2017

29 Comments

    1. The CIA supposedly has an entire unit dedicated to cracking Apple’s iOS. If Apple doesn’t have the obverse, Tim’s words are probably deflection. Tim, please give us some impassioned verve about this topic ( and others).

      1. If history is any indication, every single vulnerability documented in this wikileak will be plugged by the end of this month. While Apple may not necessarily have a team of hackers whose sole purpose is to crack the iOS and uncover vulnerabilities, they have certainly shown to be reasonably proactive (often plugging many holes before exploit ever got a chance to be developed), and quite reactive (responding to exploits fairly quickly, once they are discovered).

        Their response time may vary depending on the time in the iPhone refresh cycle (with engineers shifting focus to finishing the new version of the iOS before the release), but they tend to be much more responsive than others (Google, MS).

            1. On the scale of trust, Cook is definitely higher than Snowden. I came to this conclusion based on observations of their statements and actions so far.

              Let us not forget; Snowden was granted asylum in Russia by Putin. I can’t possibly imagine Putin doing anything magnanimous and above board. There is no doubt in my mind, Snowden sold at least a part of his soul in order to get that asylum protection from the US clandestine agencies.

            2. You are naïve to think Snowden, for all he’s done (after all, he was just a whistleblower) deserves greater trust than Cook.

              As I said, there is no doubt that Snowden had to agree to many quite compromising things in order for Putin to grant him asylum in Russia. Whatever he had said before that sylum (which has likely been accurate), one now needs a healthy dose of skepticism to accept anything he says now at face value.

            1. • USA value: $123.8T.
              The financial position of the United States includes assets of at least $269.6 trillion (1576% of GDP) and debts of $145.8 trillion (852% of GDP) to produce a net worth of at least $123.8 trillion (723% of GDP) [a] as of Q1 2014.

              •Apple value: $700B.

    2. Duh. Every publicly traded company is deeply committed to the bottom line — it is their fiduciary duty to their shareholders!

      There are different ways that different companies go about that. Some (such as Microsoft) put a salesman in charge and expand sales by nickle-and-diming customers and milking every last drop out of their cash cow. Others pour resources into innovation, design and function, trying to build the best product, which in the end results in fanatically loyal customers (and a strong bottom line).

      Apple has, even before Cook, always shown uncompromising approach with respect to security. Cook didn’t change any of this; we’ve seen him state, adamantly, that privacy is one of the top concerns, they will continue to deliver encryption and protection from anyone, including governments.

      Whatever vulnerabilities and exploits this wikileak unearthed, I have no doubt Cook has assigned a team of engineers to plug them permanently, and you can expect an update next Tuesday (perhaps not as soon, but not much longer than that).

      An unrelated, but interesting bit of info is the fact that CIA has a special, dedicated team of iOS hackers to discover and develop exploits for iPhone/iPad vulnerabilities, despite its fairly low global market share (12% or so). Most news articles out there that are covering this story and mentioning this bit of info justify this level of interest in breaking the iOS by the assumption that “iOS is preferred by the global elite”; in other words, nobody of any consequence (with the exception of perhaps sitting US president) uses Android — they are all on iOS.

    3. Ummm… Yeah, because it was Steve who started stock buybacks, distributed dividends, matched employee donations, spent billions on R&D, invested billions in renewable energy… Oh wait that Cook’s “bottom line focused” Apple that did that. And it’s also the same Apple that fought the DoJ over creating a backdoor into iOS devices – because they’re not interested in security. Oh, and also the same Apple that handicaps their services by not gathering and hoarding every piece of data on their users – because they’re not interested in privacy.

      Just go away.

  1. This is a relief, thanks Apple for safe guarding people’s personal privacy against scum organizations who have nefarious intentions, even those from their home nation.

  2. There is no way for Apple to judge what the CIA or NSA or GCHQ or MOSAD have in their penetration arsenal at any one moment. Maybe the stuff the Wikileaks article alludes to has been addressed, but assuming this is an issue with a fixed number of vulnerabilities is a bit silly.

    The primary issue is the practice of not informing the technology companies of their problems.

    To me this seems like counterproductive behavior for organizations that are supposed to be ensuring our security. They are instead exploiting our lack of security by leaving us vulnerable.

    #biggovernment

    1. That is a bit idealistic. These clandestine services of all stripes and colours have one prevailing goal: to be able to conduct surveillance on anyone at any place when needed. There is no way in hell CIA will warn Apple about a vulnerability their expert hacker team had discovered, if that vulnerability allows them to read Angela Merkel’s texts or listen in on Recep Tayyip Erdoğan’s phone calls.

      None of these services is really concerned that much (or at all) about anyone’s privacy. Their whole mindset is pursuit of ability to conduct surveillance on ANYONE at ANY TIME, ANYWHERE. Any obstacle towards that is, for them, a problem.

    2. And as for the current trove of exploits as leaked by Wikileaks, I would guess (without taking the time to read through thousands of pages of leaks) the exploits documented in there have been the cumulative result of months and years of work by this hacking group at CIA. If Apple plugs all of them soon, that work now must begin from scratch.

      This has always been a cat-and-mouse game (or a whack-a-mole, if you prefer), but at least with this one, Apple will be able to clean the slate for a while.

  3. Apple’s comment is that “many” of the exploits have been patched, not “most”. I’d imagine they’d say “most” if they could, suggesting that the majority of the exploits may NOT be patched yet.

    1. Looks like MacDailyNews has updated their headline to more accurately read “many” rather than “most”, making my comment above look a little silly, but TechCrunch hasn’t (yet) updated theirs.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.