Yesterday morning, Wikileaks released a treasure trove of documents detailing the arsenal of software tools the CIA uses to hack into targeted iPhones and Macs. While most of the reported exploits require physical access to a particular device, the document dump naturally generated no shortage of fear-inducing headlines about the state of security of various Apple products.
In an effort to address and alleviate such concerns, Apple late last night issued statement to TechCrunch assuring both Mac and iPhone users that all of the CIA exploits recently brought to light by Wikileaks are old and outdated. In fact, Apple notes that a handful of the newly disclosed exploits were patched nearly seven years ago.
Apple’s statement on the matter reads as follows:
We have preliminarily assessed the Wikileaks disclosures from this morning. Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released. Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013.
We have not negotiated with Wikileaks for any information. We have given them instructions to submit any information they wish through our normal process under our standard terms. Thus far, we have not received any information from them that isn’t in the public domain. We are tireless defenders of our users’ security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users.
The tidbit about not negotiating with Wikileaks is worth highlighting as it comes hot on the heels of a report claiming that Wikileaks was withholding access to the technical details of the CIA’s hacking tools unless tech companies like Apple and Google agreed to “sign off on a series of conditions.”
In any event, you can bet good money that the CIA’s collection of iPhone and Mac hacking tools is far more sophisticated today than it was a few years back. And while Apple has undoubtedly improved iOS security by leaps and bounds over the last few years, the fact remains that no piece of software is ever 100% bulletproof.
Just this past summer, for example, security researchers discovered an extremely advanced piece of iOS spyware capable of remotely spying on a targeted device’s phone calls, texts, emails, location and more. Dubbed Pegasus and developed by an Israeli security company called the NSO Group, the software prompted Apple to quickly roll out a software patch for the handful of zero-day exploits Pegasus relied upon.