Apple says 'many' exploits revealed in CIA leak already patched in latest iOS version

Posted in iPhone, edited March 2017
Apple late Tuesday issued a response to the WikiLeaks CIA data dump, saying "many" of the supposed iOS exploits have already been addressed in the most recent version of its flagship mobile operating system.




In a statement issued to news outlets, and subsequently posted to Twitter by BuzzFeed's John Paczkowski, Apple says the latest public version of iOS, released in January, contains patches for critical flaws outlined in today's WikiLeaks dump.

Further, the company is working on fixes for newly discovered vulnerabilities. As can be expected, Apple did not reveal which exploits have yet to be patched.

"Apple is deeply committed to safeguarding our customers' privacy and security. The technology built into today's iPhone represents the best data security available to consumers, and we're constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates."

Earlier today, WikiLeaks published a trove of documents allegedly originating from the CIA's Center for Cyber Intelligence. Among the various cyber intrusion techniques outlined in the so-called "Vault 7" release are 14 iOS exploits that range from basic surveillance to remote device command and control.

The documents suggest the CCI developed certain spy tools in-house while hoarding other assets purchased on the open market or gathered through interagency sharing with the FBI, NSA and UK's GCHQ. Along with the iOS-specific exploits, the CIA documents reveal code for infiltrating Android devices and Samsung smart TVs.

WikiLeaks alleges nearly all of the CIA's hacking tools were stolen, which is how the group obtained the documents published today. Technical details and computer code were left unpublished to protect against wide dissemination, WikiLeaks said. The group might choose to release some or all of the CIA's hacking arsenal at a later date.

Comments

  • Reply 1 of 30
    ...perhaps Apple can offer customers an opt out or off switch for the image, location and facial recognition tagging always on in Photos...? Aside from possibly unwanted resource use, is the auto indexing of everything personal (from pumpkins to Grandma) on iOS or MacOS an obvious privacy and privacy risk concern...?
    edited March 2017
  • Reply 2 of 30
    Yeah at this point, I don't believe Apple at all that they patched these exploits. Open source your code or I'm calling BS. Today's leaks prove only one thing, that no electronic device in major use today is safe from hacking/snooping.
  • Reply 3 of 30
    Yeah at this point, I don't believe Apple at all that they patched these exploits. Open source your code or I'm calling BS. Today's leaks prove only one thing, that no electronic device in major use today is safe from hacking/snooping.
    You do realize that Darwin is open-source? 
  • Reply 4 of 30
    Soli Posts: 7,678 member
    Yeah at this point, I don't believe Apple at all that they patched these exploits. Open source your code or I'm calling BS. Today's leaks prove only one thing, that no electronic device in major use today is safe from hacking/snooping.
    It didn't take long for the conspiracy, nut job comments to appear.
  • Reply 5 of 30
    Mikeymike Posts: 102 member
    Soli said:
    Yeah at this point, I don't believe Apple at all that they patched these exploits. Open source your code or I'm calling BS. Today's leaks prove only one thing, that no electronic device in major use today is safe from hacking/snooping.
    It didn't take long for the conspiracy, nut job comments to appear.
    It never does...
  • Reply 6 of 30
    Donvermo Posts: 61 member
    Yeah at this point, I don't believe Apple at all that they patched these exploits. Open source your code or I'm calling BS. Today's leaks prove only one thing, that no electronic device in major use today is safe from hacking/snooping.
    Nor will there ever be. Electronic devices are designed, built and programmed by humans, each stage leaves opportunities for (intentional) mistakes.
    You can make it really, really, really hard for someone to get in but as long as you yourself can then someone else can too.
    At least we know that iOS had actually been aimed at protecting the user as much as possible for a long time now, meanwhile Android still faces many more issues because of fundamental design flaws that ensure it will take forever before Android users will get even close to running the latest version. Android being open-source didn't help with that and over reliance on Google Play services made it worse.
    edited March 2017
  • Reply 7 of 30
    redefiler Posts: 323 member
    I think Apple's resistance to the FBI's backdooring demands in the San Bernardino terror case will serve them well in this scandal.

    In light of this information about serious intelligence agency malfeasance they were right to take the high moral stance.  The government can't be trusted not to create and foster exploits, much less maintain security on their secret hacking methods and personnel.

    I really hope there has been no collusion between Apple and this illegal CIA hacking group. 
  • Reply 8 of 30
    Soli Posts: 7,678 member
    redefiler said:
    I think Apple's resistance to the FBI's backdooring demands in the San Bernardino terror case will serve them well in this scandal.

    In light of this information about serious intelligence agency malfeasance they were right to take the high moral stance.  The government can't be trusted not to create and foster exploits, much less maintain security on their secret hacking methods and personnel.
    I had the same thought. This should also be a small bump for Apple products in general, but also for increased support for HomeKit's stringent security requirements.
    edited March 2017
  • Reply 9 of 30
    avon b7 Posts: 2,333 member
    Donvermo said:
    Yeah at this point, I don't believe Apple at all that they patched these exploits. Open source your code or I'm calling BS. Today's leaks prove only one thing, that no electronic device in major use today is safe from hacking/snooping.
    Nor will there ever be. Electronic devices are designed, built and programmed by humans, each stage leaves opportunities for (intentional) mistakes.
    You can make it really, really, really hard for someone to get in but as long as you yourself can then someone else can too.
    At least we know that iOS had actually been aimed at protecting the user as much as possible for a long time now, meanwhile Android still faces many more issues because of fundamental design flaws that ensure it will take forever before Android users will get even close to running the latest version. Android being open-source didn't help with that and over reliance on Google Play services made it worse.
    Snooping has always existed. It's an age old technique but snooping (from an intelligence perspective) isn't enough. Information must be verified and contrasted. People who know they are being snooped on will fill your bucket with conflicting or false information or information that is simply 'coded' in some fashion.

    No one should be surprised that TVs, cameras and phones can be hijacked or otherwise interfered with.

    Nor should people start blustering when they learn that government security agencies have and use what they have available to them.

    The reality is that most of us are simply too insignificant to matter to anyone. Something different is if a commercial organisation is trying to use similar methods for some kind of gain (advertising, profile filtering, insurance companies, manipulation etc). We have data protection for those cases.

    Government snooping is a necessary evil in the modern world but for the vast majority it shouldn't be cause for concern.
  • Reply 10 of 30
    adm1 Posts: 839 member
    avon b7 said:

    Government snooping is a necessary evil in the modern world but for the vast majority it shouldn't be cause for concern.
    Generally yes, but when it's used for political gain or to sway public opinion then that IS affecting the insignificant majority. The "umbrage" part of the leak I found the most interesting, that the CIA collects exploits and hacks from others (Russia, China etc.) and uses them to hide its tracks and incriminate others.
  • Reply 11 of 30
    Yeah at this point, I don't believe Apple at all that they patched these exploits. Open source your code or I'm calling BS. Today's leaks prove only one thing, that no electronic device in major use today is safe from hacking/snooping.
    The kernel, and cryptography used in Apple devices are open source, and have been independently evaluated. Have been for years.

    That covers almost all of the anti-exploitation measures in the platform - there is some stuff like the Secure Enclave, Lightning connector, and TouchID that are only black box tested as they are proprietary.

    Could Apple do more? Yep. But they are really one of the better vendors in terms of, at least where it is measurable, actually apparently doing what they say they do.
  • Reply 12 of 30
    GeorgeBMac Posts: 2,356 member
    adm1 said:
    avon b7 said:

    Government snooping is a necessary evil in the modern world but for the vast majority it shouldn't be cause for concern.
    Generally yes, but when it's used for political gain or to sway public opinion then that IS affecting the insignificant majority. The "umbrage" part of the leak I found the most interesting, that the CIA collects exploits and hacks from others (Russia, China etc.) and uses them to hide its tracks and incriminate others.
    MORE conspiracy theories?
  • Reply 13 of 30
    jkichline Posts: 1,290 member
    Yeah at this point, I don't believe Apple at all that they patched these exploits. Open source your code or I'm calling BS. Today's leaks prove only one thing, that no electronic device in major use today is safe from hacking/snooping.
    Yeah, because that's worked out so well for other open source projects... http://heartbleed.com

    I imagine you spend all day, every day poring over open-source code, evaluating it for vulnerabilities and evaluating it for the infinite number of attack vectors that exist then?  If so, maybe you could get a job at Apple and get paid to do that. Capitalism is a wonderful thing. So is the value of intellectual property.

    Also... much of iOS is already open-sourced.  You can thank Apple for things like WebKit, Darwin, etc...
  • Reply 14 of 30
    gunner1954 Posts: 138 member
    adm1 said:
    avon b7 said:

    Government snooping is a necessary evil in the modern world but for the vast majority it shouldn't be cause for concern.
    Generally yes, but when it's used for political gain or to sway public opinion then that IS affecting the insignificant majority. The "umbrage" part of the leak I found the most interesting, that the CIA collects exploits and hacks from others (Russia, China etc.) and uses them to hide its tracks and incriminate others.
    So, the Russians actually didn't hack the DNC? The CIA only made it appear like the Russians did it! Can't trust anything nor anyone, especially politicians, these days.
  • Reply 15 of 30
    MacPro Posts: 17,382 member
    adm1 said:
    avon b7 said:

    Government snooping is a necessary evil in the modern world but for the vast majority it shouldn't be cause for concern.
    Generally yes, but when it's used for political gain or to sway public opinion then that IS affecting the insignificant majority. The "umbrage" part of the leak I found the most interesting, that the CIA collects exploits and hacks from others (Russia, China etc.) and uses them to hide its tracks and incriminate others.
    So, the Russians actually didn't hack the DNC? The CIA only made it appear like the Russians did it! Can't trust anything nor anyone, especially politicians, these days.
    From what I hear most of them say, most politicians in this country can barely use a computer so I doubt we need to worry about them really. Now the power the intelligence communities have is pretty advanced. I guess it comes down to making sure the politician they answer to is highly intelligent, well educated, thoughtful....  Oh damn!
    edited March 2017
  • Reply 16 of 30
    MacPro Posts: 17,382 member
    adm1 said:
    avon b7 said:

    Government snooping is a necessary evil in the modern world but for the vast majority it shouldn't be cause for concern.
    Generally yes, but when it's used for political gain or to sway public opinion then that IS affecting the insignificant majority. The "umbrage" part of the leak I found the most interesting, that the CIA collects exploits and hacks from others (Russia, China etc.) and uses them to hide its tracks and incriminate others.
    So, the Russians actually didn't hack the DNC? The CIA only made it appear like the Russians did it! Can't trust anything nor anyone, especially politicians, these days.
    Second stab at this ...  Assuming the Russians are just as advanced it could be they made it look like the CIA framed them. I was going to smile there then thought Cheese and Crackers, maybe they did!  Actually it all makes me worry that Kaspersky is really a department of the FSB! Imagine that, all those PCs sending data back for years!
    edited March 2017
  • Reply 17 of 30
    foggyhill Posts: 4,692 member
    Yeah at this point, I don't believe Apple at all that they patched these exploits. Open source your code or I'm calling BS. Today's leaks prove only one thing, that no electronic device in major use today is safe from hacking/snooping.
    Right... Open source millions of fucking lines of code and then magically all will be resolved....
    That's the ticket... Sure works wonders for well, no one really.

    It is more secure in theory, but not in practice cause those theoretical millions of eyes (sic) poring over the code are doing something else where they actually get paid....

    A lot of open source libs have had bugs for up to a decade, the people even checking over checked in code is remarkably small (and that's code they actually wrote and is well documented in theory).

    Also, most exploits rely on a unique suite of circumstances to work and often even need to start from an unlocked phone (already unencrypted).

    If say the FBI gets a locked phone of yours, the software options they have are probably very very small if not nonexistent.
    A locked phone mostly needs a hardware attack and physical access to the phone and that costs millions.

    If your phone is that valuable and you are that great a target, then no amount of protection will likely help you. They'll use all resources to get to you including bugging and filming everything you do and snatching the phone from your hands.
  • Reply 18 of 30
    StrangeDays Posts: 4,936 member
    redefiler said:

    I really hope there has been no collusion between Apple and this illegal CIA hacking group. 
    What?? You're suggesting Apple could be a secret partner of state sponsored hacking? Uh no.
  • Reply 19 of 30
    StrangeDays Posts: 4,936 member

    avon b7 said:
    Donvermo said:
    Yeah at this point, I don't believe Apple at all that they patched these exploits. Open source your code or I'm calling BS. Today's leaks prove only one thing, that no electronic device in major use today is safe from hacking/snooping.
    Nor will there ever be. Electronic devices are designed, built and programmed by humans, each stage leaves opportunities for (intentional) mistakes.
    You can make it really, really, really hard for someone to get in but as long as you yourself can then someone else can too.
    At least we know that iOS had actually been aimed at protecting the user as much as possible for a long time now, meanwhile Android still faces many more issues because of fundamental design flaws that ensure it will take forever before Android users will get even close to running the latest version. Android being open-source didn't help with that and over reliance on Google Play services made it worse.

    No one should be surprised that TVs, cameras and phones can be hijacked or otherwise interfered with.

    Nor should people start blustering when they learn that government security agencies have and use what they have available to them.

    The reality is that most of us are simply too insignificant to matter to anyone. Something different is if a commercial organisation is trying to use similar methods for some kind of gain (advertising, profile filtering, insurance companies, manipulation etc). We have data protection for those cases.

    Government snooping is a necessary evil in the modern world but for the vast majority it shouldn't be cause for concern.
    Total nonsense. Responsible citizenry should of course be concerned when departments of our government begin working outside their charter and illegally. They are accountable to us, not the other way round.

    There is nothing unique about the "modern world" that means the government should have carte blanche to do whatever it wants. Same as it ever was.
  • Reply 20 of 30
    idrey Posts: 640 member
    This statement by Apple doesn't surprise me and I do think some of those vulnerabilities have been already patched. Apple updates their software very frequently. I was actually thinking that Apple must have already fixed some of those issues just by doing the regular updates. I do think that Apple have a lot to learn here and to better in its security. So this is all good.