Wikileaks Exposes Mac-Related Exploits in Latest 'Vault 7' Data Dump

Today, March 23, Wikileaks has published its latest in a series of reports that purportedly show how the U.S. Central Intelligence Agency (CIA) uses technology to spy. Part two of the “Vault 7” series, which Wikileaks calls “Dark Matter,” focuses on how the agency uses Mac-related vulnerabilities and infestation programs.

Created by the CIA’s Embedded Development Branch, the so-called “Sonic Screwdriver,” allows someone to deploy exploitive code from a peripheral device while a Mac is booting up. From there, the person can gather information from the device or disable it, even if the machine is password protected.

As Wikileaks explains:

Among others, these documents reveal the “Sonic Screwdriver” project which, as explained by the CIA, is a “mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting” allowing an attacker to boot its attack software for example from a USB stick “even when a firmware password is enabled”. The CIA’s “Sonic Screwdriver” infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.

In total, Wikileaks has released five reports as a part of today’s leak.

Two weeks ago, Wikileaks released 8,761 documents that it claimed shows that the CIA has developed and obtained zero-day exploits for iOS devices. Soon after, Apple said that many of those exploits had already been corrected.

Cupertino has yet to comment on today’s leak.

We’ll continue to follow this story …