Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

3/24/2017
03:00 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Apple: Mac, iPhone Bugs That CIA Allegedly Exploited Were Fixed Years Ago

New WikiLeaks data dump describes "Sonic Screwdriver," other CIA exploits for Mac desktops and iPhones

The Apple desktop and mobile product vulnerabilities that were revealed this week, in a WikiLeaks data dump of documents allegedly describing several secret CIA projects, were all fixed years ago, Apple said Friday.

The leaked information on the Apple vulnerabilities is from a larger collection of documents that WikiLeaks has dubbed "Vault 7," containing hitherto classified information on the CIA’s malware tools and hacking capabilities.

The documents show that the CIA’s Embedded Development Branch developed multiple techniques for breaking into Apple phones and desktops and gaining persistence on them.

One of the attacks was dubbed "Sonic Screwdriver" and was designed to let an attacker execute code on peripheral devices, like a USB stick, while a Mac laptop or desktop was booting. The method allowed an attacker to load attack software from a USB device even if a firmware password was enabled to prevent that from happening.

Another leaked document described an alleged CIA implant called “DarkSeaSkies" that was capable of persisting in the Extensible Firmware Interface (EFI) of an Apple MacBook Air system.

Also released this week was a document pertaining to Mac OS X malware developed by the CIA called Triton and an EFI-persistent version of the tool dubbed DerStarke. While some of the tools described in the dump date back to 2013, there is evidence that the CIA has continued to update and use some of the other tools, WikiLeaks claimed in a statement.

Included in the release are details of NightSkies 1.2, an implant for the Apple iPhone that was installed physically on new iPhones. The implant suggests the CIA infected the supply chain of its targets at least since 2008, the site claimed.

In a statement, Apple said the company’s preliminary assessment of the leaked documents shows that the alleged iPhone vulnerability that NightSkies exploited affected only the iPhone 3G and was fixed back in 2009 along with the release of the iPhone 3GS. “Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013,” the statement said.

As per its usual practice, WikiLeaks has not revealed how it obtained the Vault 7 documents. It has described the documents containing information on the CIA’s entire hacking arsenal. Many security experts believe an insider or insiders with privileged access to the documents provided them to WikiLeaks.

Related stories:

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Firms Improve Threat Detection but Face Increasingly Disruptive Attacks
Robert Lemos, Contributing Writer,  2/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9342
PUBLISHED: 2020-02-22
The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper.
CVE-2020-9338
PUBLISHED: 2020-02-22
SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field.
CVE-2020-9339
PUBLISHED: 2020-02-22
SOPlanning 1.45 allows XSS via the Name or Comment to status.php.
CVE-2020-9340
PUBLISHED: 2020-02-22
fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter.
CVE-2020-9341
PUBLISHED: 2020-02-22
CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI.