{"id":6890,"date":"2017-03-08T04:30:09","date_gmt":"2017-03-08T12:30:09","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/03\/08\/news-681\/"},"modified":"2017-03-08T04:30:09","modified_gmt":"2017-03-08T12:30:09","slug":"news-681","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/03\/08\/news-681\/","title":{"rendered":"Apple says it has already patched \u2018many\u2019 (not all) leaked CIA exploits"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt4.staticworld.net\/images\/article\/2016\/11\/mvlahbmfvwevet3a-100692089-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Jonny Evans| Date: Wed, 08 Mar 2017 03:51:00 -0800<\/strong><\/p>\n<p>Details concerning multiple iOS, Mac, and AirPort exploits allegedly used by the CIA were <a href=\"http:\/\/appleinsider.com\/articles\/17\/03\/07\/wikileaks-document-dump-reveals-cia-iphone-penetration-team-insecurity-of-exploit-library\">published by WikiLeaks<\/a> late last night.<\/p>\n<p>The documents reveal an extensive quantity of exploits used against Apple devices, though WikiLeaks has not published any of the technical details or computer code that was also leaked to prevent these hacks disseminating any further. 
(Though we don\u2019t know who else got the data).<\/p>\n<p>The documents offer the deepest look yet into how intelligence services (including the CIA, GCHQ, and others) have worked together to undermine the security of products from multiple vendors, including Apple.<\/p>\n<p>Agencies argue that your broken security is the price to keep you safe, while most technologists agree that the existence of unpatched vulnerabilities that are used by one government means everyone becomes far less safe \u2013 if one government has them, so do the others.<\/p>\n<p>That this data has leaked at all shows just how easy it is to spread these backdoor keys.<\/p>\n<p>The report suggests that spies are listening to you through your television, looking at what you look at through your camera, and rifling through your personal data. The exploits all have funky code-names, too, including:<\/p>\n<p>The documents suggest the CIA hoards \u2018Zero Day\u2019 exploits. These are typically dangerous exploits that can undermine security or break computer controlled infrastructure.<\/p>\n<p>They also reveal many exploits for Android devices and another that lets the spooks listen to your conversation using the mic in some Samsung TVs.<\/p>\n<p>Responding to the WikiLeaks claims, Apple said the latest versions of its software contain patches for most of the flaws, and promises it is working on those it was not hitherto aware of.<\/p>\n<p>Apple\u2019s statement was <a href=\"https:\/\/twitter.com\/JohnPaczkowski\/status\/839308040775987201\">published to Twitter <\/a>\u00a0by<a href=\"https:\/\/www.buzzfeed.com\"><em> BuzzFeed\u2019s<\/em><\/a> John Paczkowski:<\/p>\n<p>\u201cApple is deeply committed to safeguarding our customers&#8217; privacy and security. The technology built into today&#8217;s iPhone represents the best data security available to consumers, and we&#8217;re constantly working to keep it that way. 
Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates.\u201d<\/p>\n<p>This is a very good reason to insist on the strongest possible security for every citizen, as backdoor exploits serve to make us weaker, not stronger.<\/p>\n<p>Think about it \u2013 so long as exploits like these exist and are not known about, any government, hacker, or computer criminal can find and use them.<\/p>\n<p>Once they are found, many government users share this information (as GCHQ did with the CIA).<\/p>\n<p>Anyone with a guilty conscience knows a secret shared is a secret told \u2013 we know the exploits will leak over time.<\/p>\n<p>Governments everywhere spend time trying to find each other\u2019s secrets, meaning any such vulnerabilities can also be stolen and used by malicious actors.<\/p>\n<p>In a matter of time, these leaks mean every government or criminal is equipped with powerful tools that undermine your security, even while vendors aren\u2019t made aware of the problem.<\/p>\n<p>(We know this data has been leaked to WikiLeaks because it told us; we do not know who else has this data and has not told us.)<\/p>\n<p>It\u2019s not just your privacy and your bank account details. 
<a href=\"https:\/\/www.wired.com\/2014\/11\/countdown-to-zero-day-stuxnet\/\">Stuxnet<\/a> showed that tools of this nature pose a serious threat to connected infrastructure.<\/p>\n<p>For Apple users, the company\u2019s statement that it has already patched <em>\u201cmany\u201d<\/em> of the leaks is a little chilling, as it suggests the company has not previously been made aware of them all.<\/p>\n<p>The irony of this sequence of events is that while these tools are ostensibly developed for your protection, as they (inevitably) proliferate beyond responsible agencies they make you far less safe.<\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3178094\/apple-ios\/apple-says-it-has-already-patched-many-not-all-leaked-cia-exploits.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt4.staticworld.net\/images\/article\/2016\/11\/mvlahbmfvwevet3a-100692089-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Jonny Evans| Date: Wed, 08 Mar 2017 03:51:00 -0800<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>Details concerning multiple iOS, Mac, and AirPort exploits allegedly used by the CIA were <a href=\"http:\/\/appleinsider.com\/articles\/17\/03\/07\/wikileaks-document-dump-reveals-cia-iphone-penetration-team-insecurity-of-exploit-library\">published by WikiLeaks<\/a> late last night.<\/p>\n<p>The documents reveal an extensive quantity of exploits used against Apple devices, though WikiLeaks has not published any of the technical details or computer code that was also leaked to prevent these hacks disseminating any further. 
(Though we don\u2019t know who else got the data).<\/p>\n<h3><strong>Post-privacy<\/strong><\/h3>\n<p>The documents offer the deepest look yet into how intelligence services (including the CIA, GCHQ, and others) have worked together to undermine the security of products from multiple vendors, including Apple.<\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[11077,11078,714],"class_list":["post-6890","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-apple-ios","tag-apple-mac","tag-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6890","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=6890"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6890\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=6890"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=6890"},{"taxonomy":"post_tag","embeddable":true,"href":"htt
ps:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=6890"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}