Apple has patched critical iPhone exploits mentioned in the Wikileaks CIA dump

The Central Intelligence Agency was implicated this week in a clandestine effort to defeat encryption on phones, laptops, smart TVs, and even connected cars. Among the startling revelations was the agency’s hoarding of zero day exploits — unpatched bugs — that could grant intelligence agents access to encrypted iPhones. But there may be less cause for alarm than the leaked documents led many publications to believe.

On Wednesday, a spokesperson for Apple told members of the press that a number of security loopholes were closed in the latest version of iOS, the iPhone’s operating system.

“Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system,” an Apple spokesperson told Motherboard. “While our initial analysis indicates that many of the issues leaked were patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities.”

Wikileaks, which published internal CIA documents earlier this week, didn’t distribute any of the exploits. But leaked spreadsheets detailed several of the methods circulated among the world’s top intelligence agencies, including the CIA, FBI, and GCHQ, the U.K.’s electronics intelligence agency.

Earth/Eve was an exploit purchased by the NSA and later shared with the CIA. GCHQ discovered a critical zero-day code-named Nandao. The CIA uncovered a bug that allowed agents to remotely control a targeted device. And the FBI’s Remote Operations Unit, one of the Bureau’s hacking divisions, discovered an iOS 7 hack.

Other attacks were mentioned in a user guide for “MCNUGGET,” a tool that breaks encryption on iOS 8.0-8.1.3 devices. Another user guide referenced “DRBOOM,” a script that lets an attacker with physical access to an iOS 7-8.2 device install persistent malware. And still other documents listed exploits that have been publicly disclosed, including one by Chinese jailbreaking team Pangu and iOS security researcher Stefan Esser.

In all, the documents named 14 separate exploits and attacks.

Just because Apple has patched a few of iOS’s vulnerabilities doesn’t mean your phone is now safe from prying eyes. The CIA has reportedly broken the security of popular chat apps like WhatsApp, Signal, Telegram, Weibo, and others by intercepting messages and photos before they could be encrypted. And Android phones aren’t immune — according to Wikileaks, the CIA had 24 weaponized Android “zero day” software programs by the end of 2016.

Still, updating your iPhone to the latest software version will reduce some potential vulnerability, at the very least.

Kyle Wiggers
Former Digital Trends Contributor