The Mac and iPhone exploits described in new documents attributed to the U.S. Central Intelligence Agency were patched years ago, according to Apple.
WikiLeaks released a new set of files Thursday that supposedly came from the CIA. They contain details about the agency’s alleged malware and attack capabilities against iPhones and Mac computers.
The documents, dated 2012 and earlier, describe several “implants” that the CIA can install in the low-level extensible firmware interface (EFI) of Mac laptop and desktop computers. These EFI rootkits allow the agency's macOS spying malware to persist even after the OS is reinstalled.
According to WikiLeaks, the documents also describe an implant that the CIA can load onto factory-fresh iPhones through “interdiction” -- the interception and manipulation of electronics shipments on their way to the final buyer.
Based on Apple's preliminary analysis of the new WikiLeaks disclosures, the iPhone vulnerability described in the files affected only the iPhone 3G and was fixed in 2009 with the release of the iPhone 3GS, an Apple representative said in an emailed statement.
The Mac-related vulnerabilities were fixed in all Mac computers released after 2013, the representative said.
WikiLeaks said it would share unpublished details about vulnerabilities from the CIA's arsenal with technology vendors whose products were affected. However, it wants vendors to agree to certain terms first, including a 90-day patch deadline.
Apple appears unwilling to negotiate and claims that so far it has not received any information aside from what WikiLeaks has already published.
“We have not negotiated with Wikileaks for any information,” the Apple representative said. “We have given them instructions to submit any information they wish through our normal process under our standard terms. We are tireless defenders of our users' security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users.”
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.