Apple says recent Wikileaks CIA docs detail old, fixed iPhone and Mac exploits

If you&#x27;re not familiar with the iPhone platform and you&#x27;re interested in just one technical detail to help navigate these stories, let it be this: the iPhone 3G platform bears very little resemblance to the modern, post-touch-ID phone. The platform security system at every level, from boot chain to hardware domains to OS security, evolved more in the last 10 years than any previous platform had in 20 years prior.<p>That doesn&#x27;t make an iPhone 7 impregnable, but it should inform any analysis you do of stories about phones being tampered with &quot;starting in 2008&quot;; that&#x27;s a little like talking about SMTP server security &quot;starting in 1993&quot;.

Yes, it is an old exploit. This ArsTechnica article [1] has more on the timeline<p>[1] <a href="https:&#x2F;&#x2F;arstechnica.com&#x2F;security&#x2F;2017&#x2F;03&#x2F;new-wikileaks-dump-the-cia-built-thunderbolt-exploit-implants-to-target-macs&#x2F;" rel="nofollow">https:&#x2F;&#x2F;arstechnica.com&#x2F;security&#x2F;2017&#x2F;03&#x2F;new-wikileaks-dump-...</a>

if you&#x27;re interested in how iOS security works, apple publishes white papers on the subject.<p><a href="https:&#x2F;&#x2F;www.apple.com&#x2F;business&#x2F;docs&#x2F;iOS_Security_Guide.pdf" rel="nofollow">https:&#x2F;&#x2F;www.apple.com&#x2F;business&#x2F;docs&#x2F;iOS_Security_Guide.pdf</a>

The CIA exploits are important because most people never update anything. It doesn&#x27;t matter if you have fixed the OS for the exploit if the fix is never installed.

Keep in mind, not everyone has the newest shiny iPhone7 in the world. The HN crowd probably is not representing the average iPhone user.

I wonder how old the leaked CIA docs are though. Are there any contextual clues that it&#x27;s current?<p>Someone might have sat on a copy for years before leaking.<p>Edit: Quick scan shows there are some docs with dates in 2013, 2014, 2015. So at least some of it is fairly recent. No real way to tell, though, if it was all pulled at once, assembled over time, etc.

Apple fixed those particular exploits, yes.

If there were ever any doubt that Wikileaks is a bad actor, let this be the proof.<p>Regardless of the fact that this is a patched, nearly decade-old exploit, they&#x27;re trying to make a scene rather than go through ethical channels.

CIA must have a bunch of embedded workers at Apple, Google, etc all adding subtle bugs that can later be used to hack the devices and services. I imagine other intelligence agencies must have them too. If they don&#x27;t, then they&#x27;re not doing their job.

&gt; Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released.<p>&quot;fixed&quot; probably isn&#x27;t the right word.

This is the same Apple that has maintained on their website that their OS is &quot;secure by design&quot; and no additional security steps are needed.<p>See <a href="http:&#x2F;&#x2F;cc.bingj.com&#x2F;cache.aspx?q=%22secure+by+design%22+site%3aapple.com&amp;d=5011627184166823&amp;mkt=en-US&amp;setlang=en-US&amp;w=Xmhyb2VI15fnBjltF7miMeCVnoX2utCg" rel="nofollow">http:&#x2F;&#x2F;cc.bingj.com&#x2F;cache.aspx?q=%22secure+by+design%22+site...</a>