A new batch of documents released by WikiLeaks on Tuesday, which purport to expose a range of spying tactics by the Central Intelligence Agency, claim the agency exploits vulnerabilities in Apple’s iOS operating software. In other words, the CIA is able to spy on users’ iPhones.
In response, Apple (AAPL) issued a statement that appeared to validate the claims published by WikiLeaks, and also claimed the company believes it has fixed most of the flaws identified in the documents.
The news comes as the tech industry and U.S. Intelligence community is still assessing the implications of the release of the WikiLeaks documents, which appear to be genuine, and which describe a variety of ways the CIA is able to spy on smartphones and Internet-connected television sets.
In the case of Apple, a summary of the documents by WikiLeaks says the CIA has dedicated a “disproportionate” amount of attention to iOS, perhaps because iPhones are used by “elites” (emphasis mine):
Despite iPhone’s minority share (14.5%) of the global smartphone market in 2016, a specialized unit in the CIA’s Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA’s arsenal includes numerous local and remote “zero days” developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.
The WikiLeaks trove also includes a list of hacks the CIA has developed or purchased in order to spy on iPhones, including some details on how the exploit the vulnerabilities.
Get Data Sheet, Coins2Day’s technology newsletter.
In a statement to Coins2Day, Apple said it is aware of many of the vulnerabilities and has already patched them. It also urged customers to stay current with software updates.
“While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates,” the statement read in part.
Apple did not address how long it would take the company to address all the vulnerabilities.
Despite the dramatic nature of the WikiLeaks dump, this is hardly the first report of the CIA targeting Apple and other device makers as a technique for spying. Such practices are common among intelligence agencies, which look for security holes in consumer products as a means to conduct espionage. One of the more high-profile examples came when the FBI reportedly purchased a software vulnerability in order to access the iPhone of a dead terrorist involved in last year’s massacre at San Bernardino.
