Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

3/24/2017
03:00 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Apple: Mac, iPhone Bugs That CIA Allegedly Exploited Were Fixed Years Ago

New WikiLeaks data dump describes "Sonic Screwdriver," other CIA exploits for Mac desktops and iPhones

The Apple desktop and mobile product vulnerabilities that were revealed this week, in a WikiLeaks data dump of documents allegedly describing several secret CIA projects, were all fixed years ago, Apple said Friday.

The leaked information on the Apple vulnerabilities is from a larger collection of documents that WikiLeaks has dubbed "Vault 7," containing hitherto classified information on the CIA’s malware tools and hacking capabilities.

The documents show that the CIA’s Embedded Development Branch developed multiple techniques for breaking into Apple phones and desktops and gaining persistence on them.

One of the attacks was dubbed "Sonic Screwdriver" and was designed to let an attacker execute code on peripheral devices, like a USB stick, while a Mac laptop or desktop was booting. The method allowed an attacker to load attack software from a USB device even if a firmware password was enabled to prevent that from happening.

Another leaked document described an alleged CIA implant called “DarkSeaSkies" that was capable of persisting in the Extensible Firmware Interface (EFI) of an Apple MacBook Air system.

Also released this week was a document pertaining to Mac OS X malware developed by the CIA called Triton and an EFI-persistent version of the tool dubbed DerStarke. While some of the tools described in the dump date back to 2013, there is evidence that the CIA has continued to update and use some of the other tools, WikiLeaks claimed in a statement.

Included in the release are details of NightSkies 1.2, an implant for the Apple iPhone that was installed physically on new iPhones. The implant suggests the CIA infected the supply chain of its targets at least since 2008, the site claimed.

In a statement, Apple said the company’s preliminary assessment of the leaked documents shows that the alleged iPhone vulnerability that NightSkies exploited affected only the iPhone 3G and was fixed back in 2009 along with the release of the iPhone 3GS. “Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013,” the statement said.

As per its usual practice, WikiLeaks has not revealed how it obtained the Vault 7 documents. It has described the documents containing information on the CIA’s entire hacking arsenal. Many security experts believe an insider or insiders with privileged access to the documents provided them to WikiLeaks.

Related stories:

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5735
PUBLISHED: 2020-04-08
Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.
CVE-2020-5736
PUBLISHED: 2020-04-08
Amcrest cameras and NVR are vulnerable to a null pointer dereference over port 37777. An authenticated remote attacker can abuse this issue to crash the device.
CVE-2017-18646
PUBLISHED: 2020-04-08
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. An attacker can bypass the password requirement for tablet user switching by folding the magnetic cover. The Samsung ID is SVE-2017-10602 (December 2017).
CVE-2020-5549
PUBLISHED: 2020-04-08
Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier and Enterprise Ver. 2.0.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2020-5550
PUBLISHED: 2020-04-08
Session fixation vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier, and Enterprise Ver. 2.0.1 and earlier allows remote attackers to impersonate a registered user and log in the management console, that may result in information alteration/disclosure via unspecified vectors.