New Mac Exploits From CIA Vault 7 Published by WikiLeaks

1 minute read
| News

Wikileaks published two more Mac exploits from the so-called CIA Vault 7 under the name Project Imperial. The new exploits—Achilles and SeaPea—affect older versions of OS X, Snow Leopard and Lion.

We first learned about the stunning leak of computer exploits used by the CIA in March, when WikiLeaks released some 8,761 documents. These included both iOS and Mac exploits, though so far they’ve been limited in scope.

Achilles

The first exploit, called Achilles, lets an attacker trojan an OS X disk image (.dmg) installer with one or more specified executables for a one-time execution. In the user guide included in the leaked documents, the infected DMG file could be presented as a valid piece of software.

When the user copies it over to their Applications folder, the trojan executes whatever the attacker wants. After execution, all traces of Achilles files will be removed securely from the app. Achilles was tested on OS X 10.6 Snow Leopard.

Image of OS X Snow Leopard box, which is what the latest exploits from CIA Vault 7 run on.

SeaPea

The second exploit is called SeaPea, and it’s a rootkit that lets the attacker launch tools, hide files and directories, socket connections, and/or processes. This exploit was tested on Macs running OS X 10.6 Snow Leopard and OS X 10.7 Lion. It also needs root access in order to be installed. However, SeaPea can be removed from the Mac if the hard drive is reformatted or upgraded to the next version of OS X.

Are You Safe?

Short answer: yes, if you’re running a more modern version of OS X or macOS. It doesn’t sound as if these exploits will work on modern Macs.

To that end, that is the most important thing you can do to protect your systems. Always upgrade to the latest operating system, because you’ll get fresh security patches.

One Comment Add a comment

  1. CudaBoy

    Mac OS is absolutely not safe. Fruit Fly is serious and it’s primitive pre-OS X code can control all recent Macs cameras and mouse in the background -indeed have access to your hard drive for snooping. It is nearly undetectable. Apple released patches for OLD FF code but it’s fresh and new for your Sierra.

Add a Comment

Log in to comment (TMO, Twitter, Facebook) or Register for a TMO Account