WikiLeaks Publishes New 'Vault 7' Exploits Tested on Older Macs Running Snow Leopard and Lion

by

Earlier in March, WikiLeaks began "Vault 7," a project focused on sharing exploits created and used by the United States Central Intelligence Agency, beginning with leaking 8,761 documents discovered within an isolated network in Langley, Virginia. Following the release of iOS-related documents, as well as some Mac exploits, Vault 7's publications didn't specifically include Apple products for much of the year.

Now, the leakers have shared two new exploits that are said to have been created under the codenamed "Imperial" project by the CIA. The first is called "Achilles," and WikiLeaks said it allows an operator to trojan a disk image installer on a Mac computer, giving the operator "one or more desired...executables" for a one-time execution. This means that a .dmg file could be downloaded by a user, containing malicious content, and dragged into their application directory without knowing.


In the Achilles user guide, it's explained that the trojaned .dmg file would behave similarly to the original file, and that all of the operator's intended executables would run the first time the app is launched. Afterwards, all traces of Achilles would be "removed securely" from the .app file and that file would "exactly resemble" the original, un-trojaned application. Achilles was only tested on OS X 10.6, which is Apple's Snow Leopard operating system that launched in 2009.

Achilles is a capability that provides an operator the ability to trojan an OS X disk image (.dmg) installer with one or more desired operator specified executables for a one-time execution.

The second exploit is called "SeaPea," and is described as a Rootkit for OS X that provides an operator with "stealth and tool launching capabilities." SeaPea hides files and directories, socket connections, and processes from the user, allowing the operator to access a Mac computer without their presence being known.

SeaPea was tested on Macs running both OS X 10.6 and OS X 10.7 (Lion), and requires root access to be installed on the Mac in question. The vulnerability would remain on the computer until the hard drive was reformatted or the user upgraded to the next major OS version.

SeaPea is an OS X Rootkit that provides stealth and tool launching capabilities. It hides files/directories, socket connections and/or processes. It runs on Mac OSX 10.6 and 10.7.

Among the Imperial documents is an automated implant for Windows devices called Aeris, which rounds out all of the leaked CIA files published by WikiLeaks today. Another Vault 7 release earlier this summer focused on the use of modified versions of router firmware to turn networking devices into surveillance tools, called "Cherry Blossom."

Due to the older Mac software used for testing Achilles and SeaPea, it's likely that such exploits have already been addressed by Apple in the numerous updates that have been released since Snow Leopard in 2009 and Lion in 2011. The previous vulnerabilities leaked by WikiLeaks in March were quickly addressed by Apple, which said that it had fixed the "alleged" vulnerabilities in iPhone 3G devices (called "NightSkies") back in 2009, and the Sonic Screwdriver Mac exploit in all Macs released after 2013.

Top Rated Comments

(View all)
Avatar
43 months ago
Guess all those Snow Leopard fanatics are going to have to finally upgrade... ;)
Score: 11 Votes (Like | Disagree)
Avatar
43 months ago
I don't understand how Americans let alone the rest of the world are not up in arms about these state funded programs..
Score: 9 Votes (Like | Disagree)
Avatar
43 months ago
Funny that this article doesn’t have the “Due to the political nature...” “warning” and restrictions but far less political and controversial ones often do.

I don’t believe all this secrecy is ultimately benefial or worth the risks to privacy and misuse.

The code name “Imperial” says it all. Our governments think they’re imperial masters/overloads and we are subjugated like pawns to them.
Score: 5 Votes (Like | Disagree)
Avatar
43 months ago

I don't understand how Americans let alone the rest of the world are not up in arms about these state funded programs..

Agreed.

Because the same state funded programs pay "influencers' all over the internet to scream "conspiracy theory" when this stuff gets released.

Simple.
Score: 3 Votes (Like | Disagree)
Avatar
43 months ago

In the Achilles user guide, ...

It's a bad state of affairs when a piece of government spyware is more user-friendly than the majority of applications out there.
Score: 3 Votes (Like | Disagree)
Avatar
43 months ago

Guess all those Snow Leopard fanatics are going to have to finally upgrade... ;)

Lol, not a chance!
Score: 3 Votes (Like | Disagree)

Top Stories

Apple References Unreleased 2020 16-Inch MacBook Pro in Boot Camp Update

Monday October 26, 2020 8:42 am PDT by
Last week, Apple released an update for Boot Camp, its utility for running Windows on a Mac. While this update would typically be unremarkable, several of our readers noticed that the release notes reference an unreleased 2020 model of the 16-inch MacBook Pro. While this could easily be a mistake, the 16-inch MacBook Pro is nearly a year old, so it is certainly a worthy candidate for a...

Google Reportedly Pays Apple $8-12 Billion Per Year to be Default iOS Search Engine

Sunday October 25, 2020 2:59 pm PDT by
The United States Justice Department is targeting a lucrative deal between Apple and Google as part of one of the U.S. government's largest antitrust cases, reports The New York Times. On Tuesday, the Justice Department filed an antitrust lawsuit against Google, claiming the Mountain View-based company used anticompetitive and exclusionary practices in the search and advertising markets to ...

iPhone 12 Pro Allows You to Measure Someone's Height Instantly Using LiDAR Scanner

Saturday October 24, 2020 11:12 am PDT by
iPhone 12 Pro models feature a new LiDAR Scanner for enhanced augmented reality experiences, but the sensor also enables another unique feature: the ability to measure a person's height instantly using the Measure app. You can even measure the seated height of a person in a chair, according to Apple. When the Measure app detects a person in the viewfinder, it automatically measures their...

MagSafe Charger Only Charges at Full 15W Speeds With Apple's 20W Power Adapter

Monday October 26, 2020 3:38 pm PDT by
Alongside the iPhone 12 and 12 Pro models, Apple introduced a new MagSafe charger that attaches to the magnetic ring in the back of the devices, providing up to 15W of charging power, which is double the speed of the 7.5W Qi-based wireless charging maximum. Apple does not provide a power adapter with the $39 MagSafe charger, requiring users to supply their own USB-C compatible option. Apple...

Early iPhone 12 Tests Show Ceramic Shield is Stronger and More Scratch Resistant Than iPhone 11 Glass

Friday October 23, 2020 1:21 pm PDT by
Apple's new iPhone 12 models are protected by a Ceramic Shield cover glass that has nano-ceramic crystals infused right into the glass to improve durability. According to Apple, Ceramic Shield offers four times better drop protection than the glass used for the iPhone 11 models. YouTube channel MobileReviewsEh conducted some tests on the iPhone 12 using a force meter to compare its performance ...

iPhone 12 Six-Foot Drop Test Results: Ceramic Shield More Durable But Not Damage Proof

Monday October 26, 2020 5:00 am PDT by
Apple's new iPhone 12 and iPhone 12 Pro feature a new Ceramic Shield screen that Apple says offers 4x better drop performance. To test that claim, Allstate Protection Plans put the two models through a range of breakability tests and recorded the results. In a face down sidewalk drop test at six feet, the iPhone 12 suffered small cracks and scuffed corners and edges, leaving sharp grooves in ...

Bloomberg: New AirPods and AirPods Pro Coming in 2021, AirPods Studio Delayed, Third HomePod Model Also Possible

Monday October 26, 2020 3:34 am PDT by
Apple plans to update its AirPods line next year with two new models including third-generation AirPods and second-generation AirPods Pro, according to a new report from Bloomberg. The Cupertino, California-based technology giant is working on two new models: third-generation entry-level AirPods and the second version of the AirPods Pro earbuds, according to people familiar with the plans. ...

Report: Apple Silicon iMac Featuring Desktop Class 'A14T' Chip Coming First Half of 2021

Tuesday October 27, 2020 4:14 am PDT by
The first iMac powered by Apple Silicon is set to arrive in the first half of next year and will feature a desktop class "A14T" chip, according to Chinese-language newspaper The China Times. Codenamed "Mt. Jade," Apple's first custom-made desktop processor will be twinned with its first self-developed GPU, codenamed "Lifuka," both of which are being produced using TSMC's 5-nanometer process, ...

iPhone 11 Pro Outlasts iPhone 12 and 12 Pro in Extensive Battery Life Test

Friday October 23, 2020 8:36 am PDT by
Arun Maini today shared a new side-by-side iPhone battery life video test on his YouTube channel Mrwhosetheboss, timing how long the new iPhone 12 and iPhone 12 Pro models last on a single charge compared to older models, with equal brightness, settings, battery health, and usage. All of the devices are running iOS 14 without a SIM card inserted. In the test, the iPhone 11 Pro outlasted both ...

Apple Warns MagSafe Charger Can Leave Circular Imprints on Leather Cases

Friday October 23, 2020 3:23 pm PDT by
If you keep your iPhone in a leather case while charging with Apple's new MagSafe Charger, the case might show circular imprints from contact with the accessory, according to a new Apple support document published today. Apple's leather cases for the iPhone 12 and iPhone 12 Pro are not available until November 6, but a MacRumors reader has already shared a photo of a circular imprint on...