#DarkMatter: Apple’s fix for CIA hacks disputed by WikiLeaks
“We have preliminarily assessed the WikiLeaks disclosures from this morning. Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released,” Apple said in a statement. “Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013.”
“Apple's claim that it has ‘fixed’ all ‘vulnerabilities’ described in DARKMATTER is duplicitous,” WikiLeaks tweeted in response. “EFI [Extensible Firmware Interface] is a systemic problem, not a zero-day [vulnerability in software or hardware that can be exploited to hack systems and is often later patched.]”
Apple's claim that it has "fixed" all "vulnerabilities" described in DARKMATTER is duplicitous. EFI is a systemic problem, not a zero-day.— WikiLeaks (@wikileaks) March 24, 2017
EFI loads a computer’s operating system and is behind the boot sequence of a computer.
“If you change something before that [booting], you’re controlling everything,” firmware hacker Karsten Nohl told Wired. “It becomes part of your computer. There’s no way of knowing that it’s there, and also hardly any way to get rid of it.”
Darkmatter+Triton can be remotely installed— WikiLeaks (@wikileaks) March 24, 2017
CIA has 2016 version: DerStake2.0
EFI is not fixable "vulnerability" https://t.co/UgrCQ1eAO3
“Darkmatter+Triton can be remotely installed. CIA has 2016 version: DerStake2.0. EFI is not fixable ‘vulnerability’,” WikiLeaks said.
WikiLeaks’ Dark Matter release Thursday explained that while many of the documents are from up to 2013, “other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.”
Whether Apple has fixed all the vulnerabilities featured in Dark Matter, the documents show CIA’s capabilities and suggest it has likely continued to attempt to infiltrate newer Apple products.
The company responded to the first batch of documents released by WikiLeaks as part of its massive #Vault7 earlier this month. It said “many” of the exploits featured in the documents had already been patched in the latest iOS update and that it was working to “rapidly address any identified vulnerabilities.”