Earlier this month WikiLeaks made the headlines releasing what claimed to be leaked secret CIA documents detailing methods by which it exploited vulnerabilities and used hacking tools to spy upon persons of interest.
The “Vault 7” press release issued by WikiLeaks included allegations that the CIA had developed methods to secretly listen in on smartphone and smart TV microphones.
Technology firms including Apple, Samsung and Microsoft responded to the allegations by claiming that they would vigorously investigate any reported weaknesses, and requesting that the organisation headed by Julian Assange responsibly disclose any technical details they might have of security flaws.
According to media reports, however, WikiLeaks wasn’t entirely comfortable with sharing information without stipulating a few demands of its own – including its wish to exercise its right to make details of the flaws public if they were not fixed by vendors within 90 days.
Yesterday WikiLeaks continued its “Vault 7” revelations, sharing specific details of the CIA’s efforts to spy specifically on iOS and Mac users – albeit when agents had managed to gain physical access to their intended target’s devices.
Is it time for Apple users to run to the hills in a blind panic that their treasured devices can no longer be trusted?
Because, as TechCrunch reports, Apple seems a little… well… underwhelmed by what WikiLeaks decided to serve up to the world, as shown by an official statement from the company:
“We have preliminarily assessed the Wikileaks disclosures from this morning. Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released. Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013.”
In addition, Apple made clear that from what it had seen so far, WikiLeaks’s revelations were far from zero-day vulnerabilities – having been known about in the public domain for years and fixed many moons ago:
“We have not negotiated with Wikileaks for any information. We have given them instructions to submit any information they wish through our normal process under our standard terms. Thus far, we have not received any information from them that isn’t in the public domain. We are tireless defenders of our users’ security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users.”
Obviously Apple is keen to distance itself from those who might have stolen the information from the CIA, but is also keen to ensure that the security and privacy of its users around the world is preserved.
For now, it looks like Apple isn’t planning any urgent security updates – but I think we can rest assured that if they do come across something new that they will work hard to defend their customers.
Source: WeLiveSecurity Link: https://www.welivesecurity.com/2017/03/24/apple-underwhelmed-latest-cia-exploits-revealed-wikileaks/