Getting lots of security updates means Linux likely patched all those vulnerabilities the CIA discovered

Mar 9, 2017 13:20 GMT  ·  By

The Linux Foundation has come out to speak about the Vault 7 revelations via WikiLeaks regarding CIA's hacking powers which extend to Linux devices, claiming that thanks to the open-source nature of Linux, the operating system is constantly updated with new security fixes, likely covering all those vulnerabilities the CIA may have discovered and exploited. 

"Linux is a very widely used operating system, with a huge installed base all around the world, so it is not surprising that state agencies from many countries would target Linux along with the many closed source platforms that they have sought to compromise," Nicko van Someren, CTO at the Linux Foundation, told the Inquirer.

"Linux is an incredibly active open source project. Thousands of professional developers and volunteers - including many of the most talented in the world - are constantly contributing improvements and fixes to the project. This allows the kernel team to release updates every few days - one of the fastest release cycles in the industry. Rapid release cycles enable the open source community to fix vulnerabilities and release those fixes to users fasters," he added.

Apple has likely fixed everything too

Linux isn't the only company to come up with a response to the WikiLeaks trove of documents regarding the CIA's hacking tools. Apple has also come forward saying that it has fixed many of the vulnerabilities referenced in the Wiki files.

Apple's spokesperson expresses the company's commitment to safeguarding their customers' privacy and security.

"While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates," the company said.

Apple added that about 80% of users are running the latest version of iOS, so they should be quite protected. Unless, of course, CIA found another zero-day vulnerability in there too, or one that was left unpatched because Apple didn't know about it. That, however, is the problem with just about any type of software.

The documents exposed by WikiLeaks include charts detailing iOS exploits that would allow the CIA to turn iPhones into spying gear and, in some cases, to even control the devices. According to the same files, the CIA developed some of the exploits, while others were purchased or copied. The same was done in regards to Android vulnerabilities, which Google addressed already. 

By opening Vault 7, WikiLeaks tried to shock the world with what the CIA can do and how extensive its operations are. However, that's the CIA's job so it shouldn't really surprise anyone that it has developed malware and viruses and exploits based on zero-day vulnerabilities to get the job done. What should upset everyone, however, is that they've taken advantage of these zero-day vulnerabilities instead of informing tech companies about them in order to protect billions of users, something they've been asked repeatedly. After all, if the CIA hackers could find the bug, others could too and those individuals may not be after tapping the phone of a few select targets.