Apple Says They Fixed Bugs Mentioned in Vault 7, Years Ago

Apple says those exploits the CIA used to hack into iPhones and Macs were fixed years ago.

Following the new release of CIA classified documents by the WikiLeaks, Apple adopted the same stance it did after the first round of revelations, saying that it had already fixed the bugs mentioned there.

The documents, which WikiLeaks say come from the CIA, detail a number of methods for compromising and breaking into Apple devices if an agent can get his or her hands on the device.

“We have preliminarily assessed the Wikileaks disclosures from this morning. Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released. Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013,” Apple said on the matter.

The company also took the time to poke WikiLeaks a bit. Although it admits they have not negotiated any deals for information via WikiLeaks, Apple does say it has given them instructions to submit any information they wish via their normal process under standard terms. So far, no details were shared with them.

This comes after Julian Assange said WikiLeaks would cooperate with tech companies to fix any security problems mentioned by the files, imposing a few conditions, however, like the companies having to release a patch within 90 days.

Companies have been somewhat reluctant to make deals with WikiLeaks, especially since there are concerns regarding the source of the CIA files and whether writing patches based on them is a good idea under the circumstances.

That being said, it’s not exactly a surprise that the CIA has developed various techniques to get into people’s phones. The Wiki files today discuss methods that require agents to have physical access to the device. With enough time on one’s hands, getting into a locked device, even an iPhone, isn’t impossible, although it’s extremely difficult.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients