Wikileaks' latest Vault 7 document dump reveals CIA infection of 'factory fresh' iPhones and Mac firmware

Documents reveal that the CIA has been infecting iPhones since 2008

Wikileaks has released the latest tranche of documents from its Vault 7 document dump, this time focusing on the CIA's MacOS cracks - a leak that indicates that Apple has eschewed Wikileaks' offer of cooperation over disclosures of security flaws in vendors' software and hardware.

The latest documents detail how the CIA has exploited software flaws in order to infect MacOS firmware and 'factory fresh' iPhones. Apple, however, claims that the exploits highlighted in the documents are out-of-date and have long been fixed.

Dubbed 'Dark Matter', it reveals details of the so-called 'Sonic Screwdriver' project, which was created and spearheaded by the CIA's Embedded Development Branch. This, according to the CIA, is a "mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting".

This means that an attacker could install malicious software via a USB stick, for example, even if a firmware password is required, meaning the read-only memory of a device can be modified. The CIA's infector makes use of a modified Apple Thunderbolt to Ethernet adapter.

Wikileaks' documents reveal that the CIA is also making use of 'DarkSeaSkies', which it describes as "an implant that persists in the EFI firmware of an Apple MacBook Air computer", along with "'Triton' MacOS malware, its infector 'Dark Mallet', and its EFI-persistent version 'DerStake'."

We already knew that iPhones have been closely targeted by the CIA, but 'Dark Matter' reveals a 'beacon/loader/implanter tool' called 'NightSkies 1.2', which has reportedly been designed to be physically installed onto factory fresh iPhones.

Wikileaks adds that NightSkies had reached version 1.2 by 2008, noting "the CIA has been infecting the iPhone supply chain of its targets since at least 2008".

Wikileaks concludes: "While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical-access attacks have infected the targeted organisation's supply chain, including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise."

In a statement issued overnight, however, Apple claimed that the revelations contained within the documents were out-of-date.

"Based on our initial analysis, the alleged iPhone vulnerability affected iPhone 3G only and was fixed in 2009 when iPhone 3GS was released. Additionally, our preliminary assessment shows the alleged Mac vulnerabilities were previously fixed in all Macs launched after 2013," claimed the Apple statement.

It continued: "We have not negotiated with Wikileaks for any information. We have given them instructions to submit any information they wish through our normal process under our standard terms.

"Thus far, we have not received any information from them that isn't in the public domain. We are tireless defenders of our users' security and privacy, but we do not condone theft or coordinate with those that threaten to harm our users."