WikiLeaks Continues 'Vault 7' With New Documents Detailing Mac-Related CIA Exploits

WikiLeaks today continued its "Vault 7" series by leaking details concerning CIA-related programs that were built with the intent to infect iMac and MacBook devices. Today's "Dark Matter" installation of Vault 7 follows a few weeks after WikiLeaks debuted "Year Zero," which focused on exploits that the CIA created for iOS devices. In a response the same day that Year Zero came out, Apple said that many of the vulnerabilities in the leak were already patched.

Now, WikiLeaks is shedding light on Mac-related vulnerabilities and exploits, which the leakers claim "persists even if the operating system is re-installed." The project in question, created and spearheaded by the CIA's Embedded Development Branch, is called the "Sonic Screwdriver" and represents a mechanism that can deploy code from a peripheral device -- a USB stick, or the "screwdriver" -- while a Mac is booting up.


According to WikiLeaks, this allows an attacker "to boot its attack software" even if the Mac has a password enabled on sign-up. In the report, it's said that the CIA's own Sonic Screwdriver has been stored safely on a modified firmware version of an Apple Thunderbolt-to-Ethernet adapter. Besides the Doctor Who-referencing exploit, Dark Matter points towards yet another bounty of CIA programs aimed at gathering information, infecting, or somehow crippling a Mac device.

"DarkSeaSkies" is "an implant that persists in the EFI firmware of an Apple MacBook Air computer" and consists of "DarkMatter", "SeaPea" and "NightSkies", respectively EFI, kernel-space and user-space implants.

Documents on the "Triton" MacOSX malware, its infector "Dark Mallet" and its EFI-persistent version "DerStake" are also included in this release. While the DerStake1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.

Dark Matter isn't exclusively Mac focused, however, and includes a few new iPhone exploits in the round-up as well. One is called "NightSkies 1.2" and is described as a "beacon/loader/implant tool" for the iPhone that is designed to be physically installed on an iPhone directly within its manufacturing facility. This conspiracy-leaning exploit is said to date back to 2008 -- one year after the first iPhone debuted -- and suggests, according to WikiLeaks, that "the CIA has been infecting the iPhone supply chain of its targets since at least 2008."

While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.

The full list of the new Dark Matter documents can be found on WikiLeaks, and we're likely to see more Apple-related WikiLeaks as the Vault 7 series continues. As it was with Year Zero, it'll still take some time for security analysts and experts to determine the full impact of today's leaks.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Top Rated Comments

(View all)
Avatar
46 months ago
Hope they bring a dongle to install the malware!
Score: 26 Votes (Like | Disagree)
Avatar
46 months ago
Not surprising the government has a secret arsenal of weapons to gather cyber information on multiple platforms and devices. The part that bothers me is how far they go to do it to the average person.
Score: 14 Votes (Like | Disagree)
Avatar
46 months ago

Probably the most harmful thing Apple has done is try to con their customers into thinking their gadgets are secure.

I think it is a little different when you are talking about this situation, considering you need physical access to the device.

Also, I don't ever remember Apple saying that Macs were 100% secure for any attack. They did say that iPads don't get PC viruses though, which is true. Just like I don't get PC viruses.
Score: 14 Votes (Like | Disagree)
Avatar
46 months ago

What's more bothersome is if these exploits get into the wrong hands. And that's entirely possible.

When, not if.
Score: 13 Votes (Like | Disagree)
Avatar
46 months ago

Hope they bring a dongle to install the malware!

Don't you get it?? The dongle IS the malware.


/s
Score: 12 Votes (Like | Disagree)
Avatar
46 months ago

So, it sounds like code could only be done with having physical access to the device itself.

Interesting spy stuff.

Yes. Physical security is #1. Without it, you're compromised.

I will post a good security guide I found:

https://github.com/drduh/macOS-Security-and-Privacy-Guide/blob/master/README.md
Score: 10 Votes (Like | Disagree)

Top Stories

When Will the iPhone 12 Launch? Here's What We Know

Wednesday September 16, 2020 6:12 am PDT by
Yesterday's "Time Flies" Apple event saw the release of the Apple Watch Series 6, Apple Watch SE, iPad 8, and iPad Air 4, but no new iPhone models. Rumors before the event strongly alleged that it would not see the unveiling of new iPhones, with many reports pointing to an October launch. The lack of new iPhone models yesterday seems to confirm that the iPhone 12 lineup will not appear...

iOS 14 Picture in Picture No Longer Working With YouTube's Mobile Website in Safari [Without Premium]

Friday September 18, 2020 12:21 pm PDT by
Apple in iOS 14 added Picture in Picture to the iPhone, a feature designed to let you watch a video in a small screen on your device while you continue to do other things on the phone. When Picture in Picture was working with YouTube The YouTube app doesn't support Picture in Picture, but up until yesterday there was a functional workaround that allowed videos from YouTube.com to be watched...

Hands-On With the New Apple Watch Series 6 and Apple Watch SE

Friday September 18, 2020 1:19 pm PDT by
Today's the official launch date for the Apple Watch Series 6 and the Apple Watch SE, both of which Apple announced on Tuesday. We picked up a couple of the new models and thought we'd give them a quick look for MacRumors readers thinking of ordering a new watch. Apple Watch Series 6 & Apple Watch SE Hands-On! When it comes to design, both the $399 Series 6 and the $279 SE look just like...

Here's How You Can Download iOS 14 and iPadOS 14 Around the World [It's Out]

Wednesday September 16, 2020 2:36 am PDT by
Apple's official public release of iOS 14 and iPadOS 14 dropped on Wednesday, September 16, just a day after the company released the Golden Master to third-party developers. Also set to be made available to the general public for the first time are watchOS 7 and tvOS 14. Getting Started With iOS 14 Video Click image to watch iOS 14 Getting Started While that's left a lot of developers...

Apple Releases iOS 14 and iPadOS 14 With Home Screen Redesign, App Library, Compact UI, Translate App, Scribble Support, App Clips, and More

Wednesday September 16, 2020 12:48 pm PDT by
Apple has released iOS 14 and iPadOS 14, the newest operating system updates designed for the iPhone and iPad. As with all of Apple's software updates, iOS 14 and iPadOS 14 can be downloaded for free. iOS 14 is available on the iPhone 6s and later, while iPadOS 14 is available on the iPad Air 2 and later. The updates are available on all eligible devices over-the-air in the Settings app. To ...

iOS 14.2 Beta Adds New Shazam Music Recognition Feature for Control Center

Thursday September 17, 2020 3:36 pm PDT by
Apple today released the first beta of iOS 14.2 to developers for testing purposes, and the new update introduces a Music Recognition control for the Control Center. The new feature lets you discover music playing around you and it recognizes the music playing with in apps, even when you're wearing AirPods. Songs pop up as notifications, and you can tap to listen in Apple Music....

Apple Updates AirPods 2 and AirPods Pro Firmware to Version 3A283

Monday September 14, 2020 11:24 am PDT by
Apple today released new 3A283 firmware updates for the second-generation AirPods and the AirPods Pro. The second-generation AirPods are being updated from the 2D15 firmware they were previously running, while the AirPods Pros are being updated from the 2D27 firmware they had installed previously. Apple does not provide details on what's included in refreshed firmware so we don't know what's ...

Rumor Report Card: Assessing the Accuracy of Leaks After Apple's Event

Friday September 18, 2020 12:57 pm PDT by
Apple hosted its virtual "Time Flies" event this week, where it introduced four new products, including the Apple Watch Series 6, lower-cost Apple Watch SE, a 10.9-inch iPad Air with an all-screen design, and an updated 10.2-inch iPad with a faster A12 Bionic chip. As expected, there were no new iPhones, which are believed to be coming in October instead. Apple also announced that it will be ...

Epic Games Announces 'Fortnite: Save the World' Will No Longer Be Playable on macOS

Friday September 18, 2020 4:50 am PDT by
Epic Games has announced that "Fortnite: Save the World" will no longer be playable on macOS, after Apple terminated Epic Games' developer account. Fortnite has been in violation of the ‌App Store‌ rules since August 13, when it introduced a direct payment option that skirted Apple's in-app purchase system by allowing payments directly to ‌Epic Games‌. Shortly after Epic blatantly...

Deals: Cellular Carriers Introduce First Offers on Apple Watch Series 6 and SE

Friday September 18, 2020 7:43 am PDT by
With the launch of the Apple Watch Series 6 and Apple Watch SE today, cellular carriers have now introduced special offers for these new wearable devices. Note: MacRumors is an affiliate partner with these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. Starting with AT&T, if you buy one Apple Watch Series 3, Series...