Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

WikiLeaks Publishes New 'Vault 7' Exploits Tested on Older Macs Running Snow Leopard and Lion

MacRumors

macrumors bot
Original poster
Apr 12, 2001
51,479
13,108



Earlier in March, WikiLeaks began "Vault 7," a project focused on sharing exploits created and used by the United States Central Intelligence Agency, beginning with leaking 8,761 documents discovered within an isolated network in Langley, Virginia. Following the release of iOS-related documents, as well as some Mac exploits, Vault 7's publications didn't specifically include Apple products for much of the year.

Now, the leakers have shared two new exploits that are said to have been created under the codenamed "Imperial" project by the CIA. The first is called "Achilles," and WikiLeaks said it allows an operator to trojan a disk image installer on a Mac computer, giving the operator "one or more desired...executables" for a one-time execution. This means that a .dmg file could be downloaded by a user, containing malicious content, and dragged into their application directory without knowing.


In the Achilles user guide, it's explained that the trojaned .dmg file would behave similarly to the original file, and that all of the operator's intended executables would run the first time the app is launched. Afterwards, all traces of Achilles would be "removed securely" from the .app file and that file would "exactly resemble" the original, un-trojaned application. Achilles was only tested on OS X 10.6, which is Apple's Snow Leopard operating system that launched in 2009.
Achilles is a capability that provides an operator the ability to trojan an OS X disk image (.dmg) installer with one or more desired operator specified executables for a one-time execution.
The second exploit is called "SeaPea," and is described as a Rootkit for OS X that provides an operator with "stealth and tool launching capabilities." SeaPea hides files and directories, socket connections, and processes from the user, allowing the operator to access a Mac computer without their presence being known.

SeaPea was tested on Macs running both OS X 10.6 and OS X 10.7 (Lion), and requires root access to be installed on the Mac in question. The vulnerability would remain on the computer until the hard drive was reformatted or the user upgraded to the next major OS version.
SeaPea is an OS X Rootkit that provides stealth and tool launching capabilities. It hides files/directories, socket connections and/or processes. It runs on Mac OSX 10.6 and 10.7.
Among the Imperial documents is an automated implant for Windows devices called Aeris, which rounds out all of the leaked CIA files published by WikiLeaks today. Another Vault 7 release earlier this summer focused on the use of modified versions of router firmware to turn networking devices into surveillance tools, called "Cherry Blossom."

Due to the older Mac software used for testing Achilles and SeaPea, it's likely that such exploits have already been addressed by Apple in the numerous updates that have been released since Snow Leopard in 2009 and Lion in 2011. The previous vulnerabilities leaked by WikiLeaks in March were quickly addressed by Apple, which said that it had fixed the "alleged" vulnerabilities in iPhone 3G devices (called "NightSkies") back in 2009, and the Sonic Screwdriver Mac exploit in all Macs released after 2013.

Article Link: WikiLeaks Publishes New 'Vault 7' Exploits Tested on Older Macs Running Snow Leopard and Lion
 
  • Like
Reactions: mudflap

simonmet

Cancelled
Sep 9, 2012
2,666
3,656
Sydney
Funny that this article doesn’t have the “Due to the political nature...” “warning” and restrictions but far less political and controversial ones often do.

I don’t believe all this secrecy is ultimately benefial or worth the risks to privacy and misuse.

The code name “Imperial” says it all. Our governments think they’re imperial masters/overloads and we are subjugated like pawns to them.
 
Last edited:
Comment

JungeQuex

macrumors regular
Sep 16, 2014
136
313
Well guys you have to understand that this is how the government keeps us safe. If you don't have anything to hide, what are you worried about?

;)
 
Comment

oneMadRssn

macrumors 603
Sep 8, 2011
5,426
12,579
Europe
I don't understand how Americans let alone the rest of the world are not up in arms about these state funded programs..
I'm not mad there are state funded programs to discovery these vulnerabilities, I'm mad they don't share these vulnerabilities with the company or people responsible for the software. Go ahead and find vulnerabilities, hope our enemies don't patch their computers, and use the vulnerabilities if needed. But to expose all innocent users worldwide like that is downright malicious.
 
Comment

GrumpyMom

macrumors G3
Sep 11, 2014
9,436
13,492
These shenanigans interestingly enough benefit Apple by ensuring we are too afraid to not upgrade our operating systems when Apple releases a new one and our hardware when needed to run the new operating systems effectively. That in turn helps reduce fragmentation. Reducing fragmentation benefits us Apple users as a whole. It's a weird win-win situation, albeit an aggravating one on first glance.
 
Comment

thisisnotmyname

macrumors 68020
Oct 22, 2014
2,381
4,995
known but velocity indeterminate
Will the next dump disclose all the Windows 95 vulnerabilities they've found. I'm concerned about needing to upgrade.

(I would have used XP but it would cause a "Poe's Law" situation as there are still people the refuse to leave it)
 
Comment

MysticCow

macrumors 6502a
May 27, 2013
948
525
I don't understand how Americans let alone the rest of the world are not up in arms about these state funded programs..

Americans have become complacent and are now expecting government to solve all problems. So when you want an all-powerful government, why is it so surprising when the government really IS all-powerful?
 
  • Like
Reactions: centauratlas
Comment

MacBH928

Contributor
May 17, 2008
5,322
2,086
And here I am typing on my Macs thinking I am solid and secure from hackers getting my files.

Looks like the best security procedure is to have your computer NOT connected to the internet, but Apple will not let that happen because AFAIK you can only get the needed software via connecting the computer to an iCloud account and through the App Store.
 
Comment

ksnell

macrumors 6502a
Aug 26, 2012
693
1,200
Texas
I don't understand how Americans let alone the rest of the world are not up in arms about these state funded programs..

Many of us are. Between stuff like this and the net neutrality fight, it is a tough road ahead. Also equally concerned about other governments like the UK and their internet browsing history and data retention. What ever happened to privacy?
[doublepost=1501184501][/doublepost]
Americans have become complacent and are now expecting government to solve all problems. So when you want an all-powerful government, why is it so surprising when the government really IS all-powerful?

Speak for yourself.
 
  • Like
Reactions: 826317 and mudflap
Comment

melendezest

Suspended
Jan 28, 2010
1,693
1,579
Any user knows to NOT use an Administrator (i.e. root) account as a daily driver in their machine, regardless of OS, right? RIGHT?

Be bloody careful with what you install on your device. Thankfully Macs come with pretty much everything you need, and what's not there can be found in the curated App Store.

If it's not there and you need something else, then you better know what you are doing or you WILL learn a HARD lesson.
 
Comment

wilsonlaidlaw

macrumors 6502
Oct 29, 2008
430
62
Wikileaks really are a bunch of arrogant, self-serving ***holes. Who benefits from them disclosing these vulnerabilities other than criminals looking to exploit them? There are a number of us using older Macs, which are upgraded to their limits at Snow Leopard. Luckily the one I use, only connects to the internet to stream music from iTunes radio and BBC Radio and those sites are less likely than most to be attack vectors.
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.