Wikileaks publishes two more Mac-specific exploits from CIA Vault 7 files

Posted by:
Date: Friday, July 28th, 2017, 05:49
Category: Hacks, News, security, Software

If you’re interested in security, you’ll like this.

Wikileaks has just Wikileaks published two more Mac exploits from the so-called CIA Vault 7 under the name Project Imperial. The new exploits—Achilles and SeaPea—affect older versions of OS X, such as Mac OS X 10.6 Snow Leopard and Mac OS X 10.7 Lion.

The exploits behave as follows:

The first exploit, called Achilles, lets an attacker trojan an OS X disk image (.dmg) installer with one or more specified executables for a one-time execution. In the user guide included in the leaked documents, the infected DMG file could be presented as a valid piece of software.

When the user copies it over to their Applications folder, the trojan executes whatever the attacker wants. After execution, all traces of Achilles files will be removed securely from the app. Achilles was tested on OS X 10.6 Snow Leopard.

The second exploit is called SeaPea, and it’s a rootkit that lets the attacker launch tools, hide files and directories, socket connections, and/or processes. This exploit was tested on Macs running OS X 10.6 Snow Leopard and OS X 10.7 Lion. It also needs root access in order to be installed. However, SeaPea can be removed from the Mac if the hard drive is reformatted or upgraded to the next version of OS X.

While these may sound scary, the good news is that these exploits won’t work on more current operating systems, such as macOS Sierra.

Finally, just remember to grab the latest updates and security patches and your Mac should be safe.

Via The Mac Observer

Recent Posts

Comments are closed.