Apple Says WikiLeaks CIA Documents Are Old and Exploits Have Been Fixed

[MacRumors]

In response to a series of CIA documents leaked this morning that outline exploits the government used to gain access to Macs and iOS devices, Apple gave a statement to TechCrunch claiming that the documents are old and that the vulnerabilities outlined in the leak have long since been patched.

Apple says the iPhone vulnerability only affected the iPhone 3G and was fixed in 2009, while all Mac vulnerabilities were fixed in Macs launched after 2013.

We have preliminarily assessed the Wikileaks disclosures from this morning. Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released. Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013.

We have not negotiated with Wikileaks for any information. We have given them instructions to submit any information they wish through our normal process under our standard terms. Thus far, we have not received any information from them that isn't in the public domain. We are tireless defenders of our users' security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users.

The new documents, part of an ongoing "Vault 7" leak focusing on the United States Central Intelligence Agency, were released by WikiLeaks this morning. Codenamed "Dark Matter," the documents primarily covered techniques for exploiting and accessing Macs through a peripheral device like a USB stick.

An iPhone exploit, called "Night Skies 1.2," was also featured, adding to the range of "Year Zero" iPhone exploits that were shared by WikiLeaks last week.

All of the Dark Matter and Year Zero documents can be found on WikiLeaks. Additional Apple-related hacks and exploits may surface as the Vault 7 series continues, and it will take time for security analysts and experts to determine the impact of the leaks.

While Apple says all of the exploits have been patched, its results are preliminary. Should any remaining exploits be unaddressed, Apple will undoubtedly fix them quickly.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Apple Says WikiLeaks CIA Documents Are Old and Exploits Have Been Fixed

 

[BeefCake 15]

Can we give credit to Apple for this! They've been faster to respond on security issues than MR trolls

 

[thadoggfather]

Do we really believe CIA is behind the times, to the extent of 2009ish?

They have a whole dept dedicated to apple products, I think they still know what they're doing

 

[dannyyankou]

So does this mean my 2012 MacBook has these vulnerabilities?

 

[AngerDanger]

Apple gave a statement to TechCrunch claiming that the documents are old and that the vulnerabilities outlined in the leak have long since been patched.

Apple went on to look around nervously and say, "So no need to even try these exploits, guys. Ha ha ha. Seriously though, don't even bother."

 

[TallGuyGT]

What's worrisome are the ones that survive a complete wipe and OS install. I hope Apple continues to harden it's products from those types of attacks.

 

[Robert.Walter]

So does this mean my 2012 MacBook has these vulnerabilities?

Was thinking similarly, that it reads as though they couldn't plug these holes with software so there are a bunch of non vintage/obsolete Macs out there that are still vulnerable. If so, it would be nice if apple to explain thecountours of that vulnerability so that owners can take appropriate precautions.

 

[snebes]

Ah so the 2013 and still current Mac Pro is vulnerable. How nice

 

[KiwiAdventure]

They are Americans turning on there own Americans.

 

[Zaqfalcon]

"We are tireless defenders of our users' security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users."

Are Apple implying with this statement that they believe Wikileaks are thieves and threatening harm to their users?

 

[DrewDaHilp1]

"We are tireless defenders of our users' security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users."

Are Apple implying with this statement that they believe Wikileaks are thieves and threatening harm to their users?

I think(being the keyword) that they are saying that any data gained from Wikileaks is not legally acquired aka stolen/gained via theft/unauthorized access.
The coordinate with those that threaten harm to our users part is saying that they don't work with governments to use their products to spy on their citizens.
In my mind basically they are covering both sides of the argument.

 

[JeffyTheQuik]

"Nothing to see here, folks. Please move along..."

 

[lkrupp]

This is tin foil hat material for OCD Paranoids. No matter what Apple says they will say, “Yeah, but...” like the guy out in the Nevada dessert who claims he can prove the Moon landings were faked and that Lyndon Johnson ordered the hit on Kennedy. These people cannot be reasoned with.

 

[kevinkyoo]

Do people really think that the CIA's exploits have been patched, and that's the end of that? No other way to get around them? It's a good PR piece, but let's be real here.
[doublepost=1490324618][/doublepost]

This is tin foil hat material for OCD Paranoids. No matter what Apple says they will say, “Yeah, but...” like the guy out in the Nevada dessert who claims he can prove the Moon landings were faked and that Lyndon Johnson ordered the hit on Kennedy. These people cannot be reasoned with.

And you're the same person who would've questioned the existence of these exploits before documents like Vault came out.

 

[ikramerica]

Requiring people to buy a new product doesn't fix the problem. Basically 2012 and older macs are not fixed. Older iPhones also, but anyone using an obsolete 8 year old iPhone isn't a top priority to the CIA. Older, perfectly functioning and still fast Macs are a different matter.

 

[pdjudd]

And you're the same person who would've questioned the existence of these exploits before documents like Vault came out.

Sane people question things that are made up or are provided without evidence. If someone presented this without context or just claimed them without basis to believe them, I sure would doubt them. I want hard evidence before I accept claims.

 

[M2M]

Is that the reason why the macpro isn't updated ? To keep the wholes open ?

 

[rawweb]

Fascinating, since they're still selling a Mac product made in 2013 as new. No reason to update it though, it passes this round of threats.

Maybe someone needs to quick 'exploit' the Mac Pro/Mini so we can get a new one! lol

 

[kevinkyoo]

Sane people question things that are made up or are provided without evidence. If someone presented this without context or just claimed them without basis to believe them, I sure would doubt them. I want hard evidence before I accept claims.

Where's the hard proof with these documents? You want the CIA or the tech companies to present to you the break-ins? And what context do you want for a bombshell of a set of documents like this for you to believe in them?

My point is that it's not far-fetched to think that if this exploit were to exist, patching it once won't make it go away.

 

[Robert.Walter]

"We are tireless defenders of our users' security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users."

This clumsy disconcerting sentence runs three topics together And makes it hard to understand exactly what they mean.

Theft? Of CIA exploits? Such that Apple is flipping the bird to Wikileaks because they see the Wikileaks info as stolen? So Apple cares enough about users to only use info in the public domain and to avoid tangling with the us government over receiving "stolen" info via Wikileaks?

Couldn't Apple care more and ask a federal judge to permit Apple to take possession of that info? (Maybe Apple News could do so as a naiscent journalistic operation, and in documenting the story, involve Apple technical experts. The stories could be published after the exploits were closed.)

 

[Nicky G]

Assume all of your electronic communications are PWNED, period. 'Nuff said.

EDIT: And btw, in two minutes will be my 15th year on this forum, so youngins, let me set you straight: Heed this sheeyit. Heed it, beeyotches.

EDIT 2: And BTW, I have been telling people this sheeyit since I was in college in the late 90s. Nobody listened then, and now everyone "sorta" takes it for granted. This is not a good state of affairs, in the era of fascist overthrow of the USA. Heed it. Heed it.

 

[calzon65]

Of course they would say this

 

[supercoolmanchu]

"We are tireless defenders of our users' security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users."

This clumsy disconcerting sentence runs three topics together And makes it hard to understand exactly what they mean.

Theft? Of CIA exploits? Such that Apple is flipping the bird to Wikileaks because they see the Wikileaks info as stolen? So Apple cares enough about users to only use info in the public domain and to avoid tangling with the us government over receiving "stolen" info via Wikileaks?

Couldn't Apple care more and ask a federal judge to permit Apple to take possession of that info? (Maybe Apple News could do so as a naiscent journalistic operation, and in documenting the story, involve Apple technical experts. The stories could be published after the exploits were closed.)

Apple is stating they do not cooperate with any entities to try and steal Apple user data. The only party doing that is the government and hackers.

Wikileaks is publishing government documents, not stealing iCloud credentials. There's no bird flipping by Apple about Wikileaks here.

The only statement regarding Wikileaks disclosures is that Apple has already patched these bugs. It doesn't change the facts about the government's illicit actions. The CIA budget that was bloated to pay for all this, continues, so it's reasonable to assume they are still up to the same crap.

Lots of political hacks really want to tar the messenger. Get over it, your favorite politicians are scum. If Trump continues this, he'll be a piece of **** too, but there will be no absolution for for Obama and Hillary by blasting Wikileaks. They will own that shame forever in the historical record, as will their tireless super fans.
[doublepost=1490330171][/doublepost]

Assume all of your electronic communications are PWNED, period. 'Nuff said.

EDIT: And btw, in two minutes will be my 15th year on this forum, so youngins, let me set you straight: Heed this sheeyit. Heed it, beeyotches.

EDIT 2: And BTW, I have been telling people this sheeyit since I was in college in the late 90s. Nobody listened then, and now everyone "sorta" takes it for granted. This is not a good state of affairs, in the era of fascist overthrow of the USA. Heed it. Heed it.

Whatever dude. I keep telling you beta wimps that all these bugging exploits are easily thwarted with continual playback of speed metal. The screaming vocals and guitars completely obscure speech range frequencies, and overload these computer/phone mics better than any other source.

 

[MacBH928]

This gov. tracking hacking is really getting out of hand. I remember back in the dawn of PCs, hackers were criminals. Now its the governments doing it. People who say they have nothing to hide might as well build their homes with glass walls and install a microphone over their mouths 24/7 and broadcast it on public radio.

I am starting to think I should get a non-internet laptop, or just rely on good ol' pencil and paper. Here are just few examples of what you could lose due to tracking hacking activites:

-Books first drafts
-product designs (smartphone to cars)
-Corporate insider information that can affect stock market

 

[supercoolmanchu]

Is that the reason why the macpro isn't updated ? To keep the wholes open ?

No. They are not updating the Mac Pro to help the business using them maximize profits by minimizing incremental hardware upgrade expenses. There's nothing on Facebook or your little social media services that requires any computer tech past 2006. Users have gotten dumber and less sophisticated, so a Mac Pro from 3 years ago (didn't actually ship until 2014) smokes for pretty much everything you'd ever need.

But you should email Tim Cook directly and tell him you want that new Mac 'I Play Games'... ahem... mean Mac Pro.