Skip to main content

Intel Security releases MacBook scanner for CIA Vault 7 rootkits

intel security cia macbook rootkit pro stock image
We’re just a few days removed from the WikiLeaks publication, Vault 7, that outlined many of the supposed hacking tools at the disposal of the CIA. It has left tech firms scrambling for fixes and has raised questions over what products and services are most at risk, especially as the dust and sensationalism settles around just what kind of powers the CIA wielded with these so-called cyber weapons.

Intel Security, in response, has released a new tool for making sure your MacBook isn’t vulnerable to one of the many exposed techniques. According to the tranche of documents, the CIA had developed an EFI (Extensible Firmware Interface) rootkit for MacBooks. The rootkit, called DarkMatter, would replace the BIOS on a MacBook and run malicious code. Rootkits are pretty advanced pieces of malware, designed to avoid detection.

Inter Security, which will be rebranded under the McAfee name once again soon, published the scanner to help users identify if they are affected. The scanner is a module for CHIPSEC, Intel’s framework for analyzing PC security.

“EFI firmware malware is a new frontier for stealth and persistent attacks that may be used by sophisticated adversaries to penetrate and persist within organizations and national infrastructure for a very long time. Use open-source CHIPSEC to defend from this threat and stay safe,” said the company.

The update from Intel comes just a couple of days after Apple issued a note to users stating that it has resolved many of the bugs and vulnerabilities that had emerged from the CIA document dump. Intel’s move will provide another fix to the wide array of issues that have cropped up since WikiLeaks published the data.

The whistleblower organization added later in the week that it would not publish details about the CIA’s zero-days — bugs that have yet to be discovered by the software’s developers — until it has alerted the developers to patch the bug, thus providing at least a little more protection for users.

Editors' Recommendations