Apple Says It Fixed Vulnerabilities Detailed in WikiLeaks Docs Years Ago

[CrAKeN]

 

Apple dismisses new WikiLeaks revelations

 

Apple says those exploits the CIA used to hack into iPhones and Macs were fixed years ago. 

 

Following the new release of CIA classified documents by the WikiLeaks, Apple adopted the same stance it did after the first round of revelations, saying that it had already fixed the bugs mentioned there.

 

The documents, which WikiLeaks say come from the CIA, detail a number of methods for compromising and breaking into Apple devices if an agent can get his or her hands on the device.

 

"We have preliminarily assessed the Wikileaks disclosures from this morning. Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released. Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013," Apple said on the matter.

 

The Wikileaks poke

The company also took the time to poke WikiLeaks a bit. Although it admits they have not negotiated any deals for information via WikiLeaks, Apple does say it has given them instructions to submit any information they wish via their normal process under standard terms. So far, no details were shared with them.

 

This comes after Julian Assange said WikiLeaks would cooperate with tech companies to fix any security problems mentioned by the files, imposing a few conditions, however, like the companies having to release a patch within 90 days.

 

Companies have been somewhat reluctant to make deals with WikiLeaks, especially since there are concerns regarding the source of the CIA files and whether writing patches based on them is a good idea under the circumstances.

 

That being said, it's not exactly a surprise that the CIA has developed various techniques to get into people's phones. The Wiki files today discuss methods that require agents having physical access to the device. With enough time on one's hands, getting into a locked device, even an iPhone isn't impossible, although it's extremely difficult.

 

If you'll remember, the CIA had a row with Apple last year over the decryption of the iPhone of the San Bernardino's shooter. Apple said it couldn't open the phone even if it wanted to, and the CIA eventually found another way in, a technique they are refusing to share with the public despite being sued over it. Their answer was, in short, that they're still using it and they can't share their secret cracking ways.

 

Source

[steven36]

 

 

Quote

 

Apple says recent Wikileaks CIA docs detail old, fixed iPhone and Mac exploits

 

Apple says that its preliminary assessments of the Wikileaks documents released today indicate that the vulnerabilities it details for iPhone and Mac were fixed years ago. The documents, which originated with the CIA, detailed a variety of methods for compromising — breaking into — Apple devices if an agent was able to gain physical access to the device.

The leaks were a part of the ‘Vault7′ documents, which Wikileaks has been dribbling out. Some of the exploits, like NightSkies, could access personal info like call logs and SMS conversations — but only with physical access.

Apple’s full statement is as follows

Quote

 

We have preliminarily assessed the Wikileaks disclosures from this morning. Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released. Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013.

We have not negotiated with Wikileaks for any information. We have given them instructions to submit any information they wish through our normal process under our standard terms. Thus far, we have not received any information from them that isn’t in the public domain. We are tireless defenders of our users’ security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users.

 

 

As any security expert will tell you, once you gain physical access to a device, nearly all bets are off. Remote intrusion is a much more real and dangerous threat to the security of either end users or company-wide systems. Basically if you have the device in hand and all the time in the world it’s just a matter of plugging away.

That said, Apple’s devices have been engineered to be particularly resilient to even in-person attacks. Which is why the CIA docs garnered attention by the press and users today.

 

To wrap — these appear to be older exploits but government agencies are always seeking new vectors and likely have new methods in place already that Apple is or will be patching out as soon as they are disclosed by researchers or disclosed by legal discovery.

 

Here’s a few solid tips courtesy of our own Romain Dillet earlier today:

• Always update to the latest version of iOS to get the most recent security fixes
• Use a strong passcode (at least six numbers or, even better, an alphanumeric password)
• Update your iPhone over the air by going to the Settings app on your phone so you don’t have to use iTunes
• Keep your phone with you so you’re sure nobody is installing a custom firmware behind your back

https://techcrunch.com/2017/03/23/apple-says-recent-wikileaks-cia-docs-detail-old-fixed-iphone-and-mac-exploits/

This is the  original article were  Apple gave the statement to TechCrunch Sorry but the editor from  softpedia fouled out on that one he don't he know the difference in the FBI from the CIA he should find a new gig . ..