
WikiLeaks 'Vault 7' Continues; New Documents About MacBook, iMac-Related CIA Exploits Exposed

By Eamon J Jawatin | Mar 27, 2017 07:02 AM EDT

The whistleblower organization WikiLeaks on Thursday continued its "Vault 7" series with "Dark Matter", a release of information concerning CIA-related programs that were built to infect Apple's iMac and MacBook devices. Previously, WikiLeaks launched the "Year Zero" series in an attempt to expose exploits created by the CIA that were aimed at iOS devices.

When "Year Zero" came out, Apple announced on the same day that the vulnerabilities in the leak were already patched. However, the leakers claim that the program is persistent, even if the operating system is reinstalled. The project, named "Sonic Screwdriver", was created by the CIA's Embedded Development Branch. The name refers to a mechanism for deploying code from a peripheral device, such as a USB stick, while a Mac is booting up.

Based on WikiLeaks' explanation, "Sonic Screwdriver" allows an attacker to boot attack software even though the Mac is secured with a sign-up password. The CIA's own "Sonic Screwdriver", according to them, has been kept safely on a modified firmware version of Apple's Thunderbolt-to-Ethernet adapter.

"DarkSeaSkies" is an implant that persists in the EFI firmware of an Apple MacBook Air computer and consists of DarkMatter, SeaPea and NightSkies, respectively EFI, kernel-space and user-space implants, explained WikiLeaks. Documents on the "Triton" MacOSX malware, its infector "Dark Mallet" and its EFI-persistent version "DerStarke" are also included in this release.

Dark Matter is not entirely about the Mac. The series also includes a few new iPhone exploits, such as NightSkies 1.2. This tool is designed to be physically installed on an iPhone during the part assembly process in its manufacturing facility. According to WikiLeaks, this program dates back to 2008, a year after the first iPhone was released to the market.

The full list of the new Dark Matter documents can be found on WikiLeaks, and we're likely to see more Apple-related leaks as the Vault 7 series continues. As with Year Zero, it will still take some time for security analysts and experts to determine the full impact of today's leaks.

 
