Apple says 'many' exploits revealed in CIA leak already patched in latest iOS version
Apple late Tuesday issued a response to the WikiLeaks CIA data dump, saying "many" of the supposed iOS exploits have already been addressed in the most recent version of its flagship mobile operating system.

In a statement issued to news outlets, and subsequently posted to Twitter by BuzzFeed's John Paczkowski, Apple says the latest public version of iOS, released in January, contains patches for critical flaws outlined in today's WikiLeaks dump.
Further, the company is working on fixes for newly discovered vulnerabilities. As can be expected, Apple did not reveal which exploits have yet to be patched.
"Apple is deeply committed to safeguarding our customers' privacy and security. The technology built into today's iPhone represents the best data security available to consumers, and we're constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates."

Earlier today, WikiLeaks published a trove of documents allegedly originating from the CIA's Center for Cyber Intelligence. Among the various cyber intrusion techniques outlined in the so-called "Vault 7" release are 14 iOS exploits that range from basic surveillance to remote device command and control.
The documents suggest the CCI developed certain spy tools in-house while hoarding other assets purchased on the open market or gathered through interagency sharing with the FBI, NSA and UK's GCHQ. Along with the iOS-specific exploits, the CIA documents reveal code for infiltrating Android devices and Samsung smart TVs.
WikiLeaks alleges nearly all of the CIA's hacking tools were stolen, which is how the group obtained the documents published today. Technical details and computer code were left unpublished to protect against wide dissemination, WikiLeaks said. The group might choose to release some or all of the CIA's hacking arsenal at a later date.
Comments
You can make it really, really, really hard for someone to get in but as long as you yourself can, then someone else can too.
At least we know that iOS had actually been aimed at protecting the user as much as possible for a long time now, meanwhile Android still faces many more issues because of fundamental design flaws that ensure it will take forever before Android users will get even close to running the latest version. Android being open-source didn't help with that and over reliance on Google Play services made it worse.
In light of this information about serious intelligence agency malfeasance they were right to take the high moral stance. The government can't be trusted not to create and foster exploits, much less maintain security on their secret hacking methods and personnel.
I really hope there has been no collusion between Apple and this illegal CIA hacking group.
No one should be surprised that TVs, cameras and phones can be hijacked or otherwise interfered with.
Nor should people start blustering when they learn that government security agencies have and use what they have available to them.
The reality is that most of us are simply too insignificant to matter to anyone. Something different is if a commercial organisation is trying to use similar methods for some kind of gain (advertising, profile filtering, insurance companies, manipulation etc). We have data protection for those cases.
Government snooping is a necessary evil in the modern world but for the vast majority it shouldn't be cause for concern.
That covers almost all of the anti-exploitation measures in the platform - there is some stuff like the Secure Enclave, Lightning connector, and TouchID that are only black box tested as they are proprietary.
Could Apple do more? Yep. But they are really one of the better vendors in terms of, at least where it is measurable, actually apparently doing what they say they do.
I imagine you spend all day, every day poring over open-source code, evaluating it for vulnerabilities and evaluating it for the infinite number of attack vectors that exist then? If so, maybe you could get a job at Apple and get paid to do that. Capitalism is a wonderful thing. So is the value of intellectual property.
Also... much of iOS is already open-sourced. You can thank Apple for things like WebKit, Darwin, etc...
That's the ticket... Sure works wonders for well, no one really.
It is more secure in theory, but not in practice 'cause those theoretical millions of eyes (sic) poring over the code are doing something else where they actually get paid....
A lot of open source libs have had bugs for up to a decade, the people even checking over checked in code is remarkably small (and that's code they actually wrote and is well documented in theory).
Also, most exploits rely on a unique suite of circumstances to work and often even need to start from an unlocked phone (already unencrypted).
If say the FBI gets a locked phone of yours, the software options they have are probably very very small if not nonexistent.
A locked phone mostly needs a hardware attack and physical access to the phone and that costs millions.
If your phone is that valuable and you are that great a target, then no amount of protection will likely help you. They'll use all resources to get to you including bugging and filming everything you do and snatching the phone from your hands.
Total nonsense. Responsible citizenry should of course be concerned when departments of our government begin working outside their charter and illegally. They are accountable to us, not the other way round.
There is nothing unique about the "modern world" that means the government should have carte blanche to do whatever it wants. Same as it ever was.