Apple says that its preliminary assessments of the Wikileaks documents released today indicate that the vulnerabilities it details for iPhone and Mac were fixed years ago. The documents, which originated with the CIA, detailed a variety of methods for compromising — breaking into — Apple devices if an agent was able to gain physical access to the device.
The leaks were a part of the ‘Vault7′ documents, which Wikileaks has been dribbling out. Some of the exploits, like NightSkies, could access personal info like call logs and SMS conversations — but only with physical access.
We have preliminarily assessed the Wikileaks disclosures from this morning. Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released. Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013.
We have not negotiated with Wikileaks for any information. We have given them instructions to submit any information they wish through our normal process under our standard terms. Thus far, we have not received any information from them that isn’t in the public domain. We are tireless defenders of our users’ security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users.
As any security expert will tell you, once you gain physical access to a device, nearly all bets are off. Remote intrusion is a much more real and dangerous threat to the security of either end users or company-wide systems. Basically if you have the device in hand and all the time in the world it’s just a matter of plugging away.
To wrap — these appear to be older exploits but government agencies are always seeking new vectors and likely have new methods in place already that Apple is or will be patching out as soon as they are disclosed by researchers or disclosed by legal discovery.
Here’s a few solid tips courtesy of our own Romain Dillet earlier today:
- Always update to the latest version of iOS to get the most recent security fixes
- Use a strong passcode (at least six numbers or, even better, an alphanumeric password)
- Update your iPhone over the air by going to the Settings app on your phone so you don’t have to use iTunes
- Keep your phone with you so you’re sure nobody is installing a custom firmware behind your back