WikiLeaks Continues 'Vault 7' With New Documents Detailing Mac-Related CIA Exploits

WikiLeaks today continued its "Vault 7" series by leaking details concerning CIA-related programs that were built with the intent to infect iMac and MacBook devices. Today's "Dark Matter" installation of Vault 7 follows a few weeks after WikiLeaks debuted "Year Zero," which focused on exploits that the CIA created for iOS devices. In a response the same day that Year Zero came out, Apple said that many of the vulnerabilities in the leak were already patched.

Now, WikiLeaks is shedding light on Mac-related vulnerabilities and exploits, which the leakers claim "persists even if the operating system is re-installed." The project in question, created and spearheaded by the CIA's Embedded Development Branch, is called the "Sonic Screwdriver" and represents a mechanism that can deploy code from a peripheral device -- a USB stick, or the "screwdriver" -- while a Mac is booting up.

macbookpromodelssideview
According to WikiLeaks, this allows an attacker "to boot its attack software" even if the Mac has a password enabled on sign-up. In the report, it's said that the CIA's own Sonic Screwdriver has been stored safely on a modified firmware version of an Apple Thunderbolt-to-Ethernet adapter. Besides the Doctor Who-referencing exploit, Dark Matter points towards yet another bounty of CIA programs aimed at gathering information, infecting, or somehow crippling a Mac device.

"DarkSeaSkies" is "an implant that persists in the EFI firmware of an Apple MacBook Air computer" and consists of "DarkMatter", "SeaPea" and "NightSkies", respectively EFI, kernel-space and user-space implants.

Documents on the "Triton" MacOSX malware, its infector "Dark Mallet" and its EFI-persistent version "DerStake" are also included in this release. While the DerStake1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.

Dark Matter isn't exclusively Mac focused, however, and includes a few new iPhone exploits in the round-up as well. One is called "NightSkies 1.2" and is described as a "beacon/loader/implant tool" for the iPhone that is designed to be physically installed on an iPhone directly within its manufacturing facility. This conspiracy-leaning exploit is said to date back to 2008 -- one year after the first iPhone debuted -- and suggests, according to WikiLeaks, that "the CIA has been infecting the iPhone supply chain of its targets since at least 2008."

While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.

The full list of the new Dark Matter documents can be found on WikiLeaks, and we're likely to see more Apple-related WikiLeaks as the Vault 7 series continues. As it was with Year Zero, it'll still take some time for security analysts and experts to determine the full impact of today's leaks.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Popular Stories

Generic iOS 19 Feature Mock Light

iOS 19 Rumored to Be Compatible With These iPhones

Sunday December 22, 2024 8:09 am PST by
iOS 19 will not drop support for any iPhone models, according to French website iPhoneSoft.fr. The report cites a source within Apple. The report said that iOS 19 will be compatible with any iPhone that is capable of running iOS 18, which would mean the following models: iPhone 16 iPhone 16 Plus iPhone 16 Pro iPhone 16 Pro Max iPhone 15 iPhone 15 Plus iPhone 15 Pro ...
m3 macbook air blue

Apple Accidentally Leaked the Next MacBook Air

Sunday December 22, 2024 8:33 am PST by
Apple earlier this month released macOS 15.2, and in doing so it accidentally confirmed new MacBook Air models coming next year. Apple accidentally released macOS 15.2 restore files for unreleased "‌MacBook Air‌ (13-inch, M4, 2025)" and "‌MacBook Air‌ (15-inch, M4, 2025)" models. While it no surprise that the 13-inch and 15-inch MacBook Air models were going to be updated with the M4 ...
iPhone 17 Slim Feature Single Camera 2 Redux

Top 5 Apple Products to Look Forward to in 2025

Friday December 20, 2024 2:22 pm PST by
It's looking like 2025 is going to be an important year for Apple, with the company planning to revamp the iPhone, push further into smart home products, and improve Apple Intelligence. There are tons of new products rumored for 2025, including new iPhones, M4 Macs, a smart home command center, and much more. We've highlighted the top five Apple products that will have the biggest impact in...
Generic iOS 18 Feature Real Mock

iOS 18.2.1 Update Coming Soon for iPhone

Saturday December 21, 2024 4:45 pm PST by
Apple appears to be internally testing iOS 18.2.1 for the iPhone, based on evidence of the software update in our website's analytic logs this week. The logs have accurately revealed many iOS versions before they were released. iOS 18.2.1 should be a minor update that fixes bugs and/or addresses security vulnerabilities, but it is unclear which specific issues might be resolved. The update...
iPhone 16 Apple Store

iPhone Sizes Change Next Year: What to Know

Monday December 23, 2024 7:40 am PST by
This year, Apple tweaked iPhone 16 Pro screen sizes to make them bigger than 2023's iPhone 15 Pro models, and next year we are also expecting a change in the size of the displays in the iPhone 17 lineup. Here's what we know. Standard iPhone 17 Apple could introduce a new display size for the standard iPhone 17 model in 2025. The iPhone 17 could measure in at 6.3 inches, up from 6.1 inches,...
AirTag and Lavender iPhone

AirTag 2 Launching Next Year With These New Features

Tuesday December 24, 2024 8:35 am PST by
Apple is expected to release an AirTag 2 next year, and a few new features and changes have already been rumored for the item tracker. Below, we recap what to expect from the AirTag 2: The new AirTag is expected to be equipped with Apple's second-generation Ultra Wideband chip for longer range. The chip debuted last year in the iPhone 15 and the Apple Watch Ultra 2, and Apple said it...
iphone 16 pro design cameras

iPhone 18 Pro Rumored to Be More Like DSLR Camera With This Upgrade

Monday December 23, 2024 6:24 am PST by
While the iPhone 18 Pro and iPhone 18 Pro Max are still nearly two years away from launching, a new feature has already been rumored for the devices. In a blog post today, Apple supply chain analyst Ming-Chi Kuo reiterated that the main rear camera on both iPhone 18 Pro models will offer variable aperture, which would be a first for the iPhone. The main camera refers to the 48-megapixel...
Google Nest Hub 2

New 'HomePod' With 7-Inch Display, A18 Chip, and More Reportedly Launching Next Year

Saturday December 21, 2024 2:03 pm PST by
Apple plans to release a new "HomePod" with a 7-inch LCD display, an A18 chip, and Apple Intelligence support in 2025, according to DigiTimes. Google's Nest Hub It is unclear how much the screen-equipped HomePod would cost, but Apple is seemingly aiming for a reasonable price. In a paywalled report this week, the supply chain publication said Apple has selected China-based manufacturer Tianma ...

Top Rated Comments

arggg14 Avatar
101 months ago
Hope they bring a dongle to install the malware!
Score: 26 Votes (Like | Disagree)
magicschoolbus Avatar
101 months ago
Not surprising the government has a secret arsenal of weapons to gather cyber information on multiple platforms and devices. The part that bothers me is how far they go to do it to the average person.
Score: 14 Votes (Like | Disagree)
Juicy Box Avatar
101 months ago
Probably the most harmful thing Apple has done is try to con their customers into thinking their gadgets are secure.
I think it is a little different when you are talking about this situation, considering you need physical access to the device.

Also, I don't ever remember Apple saying that Macs were 100% secure for any attack. They did say that iPads don't get PC viruses though, which is true. Just like I don't get PC viruses.
Score: 14 Votes (Like | Disagree)
WinstonRumfoord Avatar
101 months ago
What's more bothersome is if these exploits get into the wrong hands. And that's entirely possible.
When, not if.
Score: 13 Votes (Like | Disagree)
Corrode Avatar
101 months ago
Hope they bring a dongle to install the malware!
Don't you get it?? The dongle IS the malware.


/s
Score: 12 Votes (Like | Disagree)
smallcoffee Avatar
101 months ago
So, it sounds like code could only be done with having physical access to the device itself.

Interesting spy stuff.
Yes. Physical security is #1. Without it, you're compromised.

I will post a good security guide I found:

https://github.com/drduh/macOS-Security-and-Privacy-Guide/blob/master/README.md
Score: 10 Votes (Like | Disagree)