Wikileaks published two more Mac exploits from the so-called CIA Vault 7 under the name Project Imperial. The new exploits—Achilles and SeaPea—affect older versions of OS X, Snow Leopard and Lion.
We first learned about the stunning leak of computer exploits used by the CIA in March, when WikiLeaks released some 8,761 documents. These included both iOS and Mac exploits, though so far they’ve been limited in scope.
The first exploit, called Achilles, lets an attacker trojan an OS X disk image (.dmg) installer with one or more specified executables for a one-time execution. In the user guide included in the leaked documents, the infected DMG file could be presented as a valid piece of software.
When the user copies it over to their Applications folder, the trojan executes whatever the attacker wants. After execution, all traces of Achilles files will be removed securely from the app. Achilles was tested on OS X 10.6 Snow Leopard.
The second exploit is called SeaPea, and it’s a rootkit that lets the attacker launch tools, hide files and directories, socket connections, and/or processes. This exploit was tested on Macs running OS X 10.6 Snow Leopard and OS X 10.7 Lion. It also needs root access in order to be installed. However, SeaPea can be removed from the Mac if the hard drive is reformatted or upgraded to the next version of OS X.
Are You Safe?
Short answer: yes, if you’re running a more modern version of OS X or macOS. It doesn’t sound as if these exploits will work on modern Macs.
To that end, that is the most important thing you can do to protect your systems. Always upgrade to the latest operating system, because you’ll get fresh security patches.