Apple says it will “rapidly address” the vulnerabilities in iOS apparently used by the CIA to control and siphon off data from iPhones and iPads.
The revelations about iOS flaws emerged in the vast leak of what appear to be CIA internal documents, which showed the scale of the CIA’s hacking capabilities. Its apparent activities include a program of using dozens of zero-day exploits against products from some of the largest tech companies, including Apple, Google, and Microsoft.
Wikileaks claimed that a specialized unit in the CIA’s Mobile Development Branch produces malware to infect, control, and siphon off data from iPhones and other Apple products running iOS, such as iPads.
The CIA zero-day arsenal includes flaws that could be triggered either locally on the handset or remotely, and which were developed by the agency itself or obtained from GCHQ, NSA, or FBI, or bought in.
“The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic, and business elites,” Wikileaks said.
In a statement, Apple said it is working to fix any security holes that might remain, but said many of the issues leaked have already been patched.
“Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities.
“We always urge customers to download the latest iOS to make sure they have the most recent security updates.”
Apple’s products are not the only ones targeted, according to the leaked documents. They also reveal a project developed by MI5 and the CIA in 2014 called Weeping Angel, which could turn a Samsung smart TV into a listening device.
The documents suggest that last year the CIA had 24 zero-day vulnerabilities stockpiled, which it had either discovered itself or obtained from GCHQ, NSA and others.