Apple may have patched most of the security flaws that Wikileaks revealed the CIA is exploiting, but not all of them. Apple has been scrambling trying to learn more about the remaining exploits and it looks like the help it needs is coming directly from Wikileaks. The organization said it plans to share everything it knows about the hacks with Apple, and it’s going to do the same for other tech companies the CIA targeted, too.
The reported exploits were listed in thousands of pages Wikileaks released this week. Products from Apple, Google, Microsoft, Samsung, and several other companies were listed as targets for CIA surveillance through exploits the agency wasn’t sharing, raising concerns about who was being monitored and if other governments were taking advantage of the same hacks.
The exploits were leaked as part of a document collection Wikileaks is calling Vault 7.
Apple said most of the exploits listed in the documents have already been patched, and it’s actively looking into the rest. The problem Apple is facing is that without the code the CIA is using, tracking down and patching the exploits is difficult at best.
Wikileaks: Share and Share Alike
Since the CIA isn’t interested in sharing the code, Wikileaks will. Wikileaks founder Julian Assange said, “We have decided to work with [manufacturers] to give them exclusive access to the additional technological details we have so that fixes can be developed and pushed out.” After the companies patch the exploits Wikileaks plans to publish the hacks, according to NPR.
Mr. Assange went on to say the CIA is incompetent because it failed to protect the hacks it uses.
CIA spokeswoman Heather Fritz Horniak made it clear how the agency feels about Mr. Assange saying, “As we’ve said previously, Julian Assange is not exactly a bastion of truth and integrity.”
Wikileaks isn’t offering up a time frame for when it will release the CIA’s exploits. The fact that they’re coming at some point makes it imperative we update our iPhones and iPads as soon as Apple’s security patches are released.
The CIA obviously knows all about being “not exactly a bastion of truth and integrity.”
Assange hadn’t been in the news for a while and he was probably getting yancy about not getting any attention.
Wish Wikileaks would’ve told the tech companies first.
Until Apple releases some updates (hopefully very soon now), we gotta live with published open exploits.
Legally, the CIA is supposed to share the vulnerabilities it discovers with manufacturers. It is shameful that Wikileaks is involved at all.
I believe there are laws to prevent the passing or accepting of classified information. As these hacks and tools are still classified some overzealous prosecutor could theoretically go after Apple et.al. for accepting this information from Wikileaks.