Menu
Apple: Macs and iPhones are safe from newly revealed CIA exploits

Apple: Macs and iPhones are safe from newly revealed CIA exploits

The iPhone vulnerability was patched in 2009 and the Mac holes were fixed in 2013, Apple said

IDG

IDG

The Mac and iPhone exploits described in new documents attributed to the U.S. Central Intelligence Agency were patched years ago, according to Apple.

WikiLeaks released a new set of files Thursday that supposedly came from the CIA. They contain details about the agency’s alleged malware and attack capabilities against iPhones and Mac computers.

The documents, dated 2012 and earlier, describe several “implants” that the CIA can install in the low-level extensible firmware interface (EFI) of Mac laptop and desktop computers. These EFI rootkits allow the agency's macOS spying malware to persist even after the OS is reinstalled.

According to WikiLeaks, the documents also describe an implant that the CIA can load onto factory-fresh iPhones through “interdiction” -- the interception and manipulation of electronics shipments on their way to the final buyer.

Based on Apple's preliminary analysis of the new WikiLeaks disclosures, the iPhone vulnerability described in the files affected only the iPhone 3G and was fixed in 2009 with the release of the iPhone 3GS, an Apple representative said in an emailed statement.

The Mac-related vulnerabilities were fixed in all Mac computers released after 2013, the representative said.

WikiLeaks said it would share unpublished details about vulnerabilities from the CIA's arsenal with technology vendors whose products were affected. However, it wants vendors to agree to certain terms first, including a 90-day patch deadline.

Apple appears unwilling to negotiate and claims that so far it has not received any information aside from what WikiLeaks has already published.

“We have not negotiated with Wikileaks for any information,” the Apple representative said. “We have given them instructions to submit any information they wish through our normal process under our standard terms. We are tireless defenders of our users' security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users.”


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Ingram Micro maintains Showcase 2018 momentum in Wellington

Ingram Micro maintains Showcase 2018 momentum in Wellington

Ingram Micro maintained Showcase 2018 momentum in Wellington, hosting more than 40 vendors at TSB Arena. Under the banner of Leading the Way, the event demonstrated what’s new, what’s next and how it can be used to improve business and everyday life.

Ingram Micro maintains Showcase 2018 momentum in Wellington
Ingram Micro launches Showcase 2018 in Christchurch

Ingram Micro launches Showcase 2018 in Christchurch

Ingram Micro kickstarted Showcase 2018 in Christchurch, hosting more than 40 vendors at Horncastle Arena. Under the banner of Leading the Way, the event demonstrated what’s new, what’s next and how it can be used to improve business and everyday life.

Ingram Micro launches Showcase 2018 in Christchurch
Data breach notification laws in NZ: How can partners prepare?

Data breach notification laws in NZ: How can partners prepare?

This exclusive Reseller News Roundtable outlined the responsibilities facing security partners today, assessing risk while evaluating the role of the vendor in providing added layers of protection.

Data breach notification laws in NZ: How can partners prepare?
Show Comments