WikiLeaks’ CIA Vault 7 Documents Reveals Know-How Of Covert Hacking Operation For Mac Devices

By Edwin Kee
Apple logo
Apple has sent a letter to the US National Highway Traffic Safety Administration (NHTSA). It seemed to confirm the interest of the company in the further development of self-driving technology. The company has expressed excitement about automated systems in areas such as the transportation but asked NHTSA not to impose too many restrictions on testing self-driving cars. Rob Pongsajapan via Flickr

WikiLeaks have been in the eye of the storm for a long time now, having made its mark by releasing documents of government wires to the masses which certainly riled more than just a few feathers. This time around, we have a whole new batch of CIA "Vault 7" documents which have been published already. This second batch of such documents point to the tricks of the trade employed by the CIA in penetrating different kinds of Mac hardware. While that might sound scary, none of these happen to be that alarming, since the published penetration methods do not imply to be accompanied by wide-reaching consequences, as they all need some sort of physical device access before implementation.

Skies and everything dark
The second batch of “Vault 7” documents is definitely not as large as the first. This time around, it focuses on plenty of Apple hardware, with a handful of macOS vulnerabilities as well as attack vectors that make use of the EFI routines which happen to control the boot process. "DarkSeaSkies" is used to target the MacBook Air, where it will make use of an EFI injection that is known as "DarkMatter". This will result in the installation of a "SeaPea" kernel attack, whereas "NightSkies" happens to be a piece of malware and keylogging combination.

The DarkSeaSkies package will be delivered via a "Sonic Screwdriver" which comes in the form of either a USB flash drive or modified Thunderbolt to Ethernet adapter. DarkSeaSkies will take advantage of a Thunderbolt exploit has since been patched a couple of years back after its discovery in 2014, so there is not much to worry about.

The iPhone is not immune, either
What is interesting to note is the fact that the CIA had already begun to look for ways to hack into the iPhone just a year after it has been released. This was confirmed by an offshoot of "NightSkies", which also happens to be available for the iPhone back in 2008. The “NightSkies” variant is installed through "interdicting mail orders and other shipments", but at the very least, this is not a remote attack of any kind.

OS X Mavericks could be vulnerable
Something that is far more recent would be OS X Mavericks, where the "DerStarke" package might actually be used to break into OS X Mavericks when it was still being developed. This particular package continues to target the EFI compromise, but it certainly does not seem to be that potent as the "SeaPea" vector which does a pretty good job at targeting the MacBook Air.

Do take note that the EFI exploits continue to remain after a reboot, due to a self-reinstallation process post reboot if left unmitigated. An Apple firmware update would do the trick when it comes to a permanent resolution. However, this will not be the case if someone has physical access to the machine to perform a reinfection.

So far, it seems, that the CIA's Center for Cyber Intelligence (CCI) group has targeted over 10,000 individuals around the world with a myriad of devices: iOS, Windows, and Android falling under their “umbrella”, smart TVs included.

    Most Popular
  • Is 'The Last Supper' worth watching? Audience and critics weigh in

    Is 'The Last Supper' worth watching? Audience and critics weigh in

    Faith-based films often receive mixed reactions, and The Last Supper is no exception. The movie attempts to bring a fresh perspective to one of the most iconic moments in Christian history, but does it succeed? Some reviews from critics and audiences provide insight into its strengths and shortcomings.

  • ‘The Chosen’ Season 5: The darkest season yet—What to know before watching

    The wait is over—The Chosen is back with its fifth season, and this time, things are getting intense. The new episodes dive straight into the final days of Jesus’ life, covering some of the most emotional and dramatic moments in the Bible. If you’ve been following the series, you already know that The Chosen isn’t just about retelling familiar stories—it’s about bringing them to life in a way that feels real.

  • Massacres in Syria: Over 1,000 dead, including Christians and Alawites

    Syria’s coastal regions have been devastated by a series of massacres, with reports indicating that over 1,000 people—many from Christian and Alawite communities—have been killed in brutal attacks. Entire families have been wiped out, and survivors are fleeing in search of safety as sectarian violence escalates.

  • Kim Sae-ron and Wheesung: The tragic irony of Korean society and the principles of happiness

    Not long ago, the media was in an uproar over actress Kim Sae-ron’s passing. Just months before, the same people who had relentlessly criticized her for her DUI incident were now expressing sympathy, saying, "The world was too harsh on her." The irony is impossible to ignore.

  • Newsboys move forward as a quartet after Michael Tait’s departure

    After more than a decade as the lead singer of the Newsboys, Michael Tait has officially parted ways with the band, marking a significant shift in the Christian rock group’s lineup. The remaining members—Jeff Frankenstein, Jody Davis, Duncan Phillips, and Adam Agee—have assured fans that they will continue forward, embracing a new season of music and ministry.

Top Stories