Thursday, March 23, 2017

Apple: Security vulnerabilities revealed by WikiLeaks no longer work

Go to Original
BY JOE UCHILL



Apple believes none of the security vulnerabilities in CIA documents released by Wikileaks are still active.
WikiLeaks published its second archive of CIA files Thursday, all of which dealt with hacking techniques for Apple products. 
"We have preliminarily assessed the Wikileaks disclosures from this morning. Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released. Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013," the company said in a statement.
Wikileaks newest archive of documents is the second in a series of documents allegedly taken from a secure CIA network. Intelligence agents and lawmakers are not concerned about the sensitivity of the documents that have so far been released. Wikileaks has nicknamed its series of CIA leaks "Vault 7."
The documents, many of which are years old, from both of the Vault 7 releases deal with targeted hacking techniques — as opposed the bulk surveillance tools used by the NSA — that were used on products released during various points in the last decade. The newest archive includes documents from 2009 and 2013. 
WikiLeaks has offered to aid companies in repairing security flaws in their products by sharing tactics the CIA used before releasing them publicly.
The site has insisted that manufacturers repair flaws it shares within a limited timeframe, which has reportedly dissuaded some vendors from taking the site up on its offer. These kinds of time limits are common in the research community and are used to ensure that vendors actually put the information they receive to use. 
Other vendors have reportedly turned down the offer for help because of concerns about receiving classified information and risking government contracts. 
"We have not negotiated with Wikileaks for any information," Apple said in its statement.
"We have given them instructions to submit any information they wish through our normal process under our standard terms. Thus far, we have not received any information from them that isn’t in the public domain."

No comments: