Skip to main content
  1. Home
  2. Computing
  3. Web
  4. News

WikiLeaks won’t publish zero-day exploit details until developers can fix them

Add as a preferred source on Google

WikiLeaks made history this week by releasing the largest trove of confidential CIA documents ever, including over 7,818 web pages, 943 attachments, and hundreds of millions of lines of code. Called “Vault 7,” the collection included a slew of hacking and cyber espionage tools used by the CIA between 2013 and 2016.

Among the tools that were leaked are various malware, viruses, and remote control systems capable of infecting Windows, MacOS, Linux, Android, and iOS. WikiLeaks released general information about the tools, but it also possesses the details of a number of weaponized “zero-day” vulnerabilities — which the organization isn’t releasing just yet, as Krebs on Security reports.

Recommended Videos

Zero-day vulnerabilities are bugs that have opened software up to active exploits and about which the software’s developer is unaware. Google has its own Project Zero, which identifies zero-day vulnerabilities, notifies the developer, and then waits 90 days before it publishes the vulnerability — whether or not the developer has fixed it.

WikiLeaks editor-in-chief Julian Assange has indicated that his organization won’t be following Project Zero’s lead. In a WikiLeaks press conference, Assange said, “After considering what we think is the best way to proceed, and hearing these calls from some of the manufacturers, we have decided to work with them to give them exclusive access to additional technical details we have, so that fixes can be developed and pushed out.”

Only when the vulnerabilities are patched will WikiLeaks publish the details. WikiLeaks posted a poll on Twitter, and the majority of respondents answered that the organization should work with technology companies on fixes. The next most popular response was, “No, they’re the problem.”

Tech companies are saying they need more details of CIA attack techniques to fix them faster. Should WikiLeaks work directly with them?

— WikiLeaks (@wikileaks) March 8, 2017

WikiLeaks didn’t provide any additional information on how it would be working with developers to ensure the zero-day vulnerabilities are fixed or on how long it expected the process to take. While the documentation that has already been leaked could lead to exploits, at least the details required to easily make use of these now-known vulnerabilities won’t be making it to the wild before patches can be created and provided to users.

Mark Coppock
Former Computing Writer
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
How to install macOS 27 Golden Gate public beta on your Mac?
From a smarter Siri to a more reliable Spotlight, here's your full walkthrough for installing macOS 27 Golden Gate's public beta today.
macOS 27 Golden Gate

Along with iOS 27’s public beta, Apple has also released macOS 27 Golden Gate’s public beta build, so that early adopters can get their hands on the new features, including Siri AI, and provide timely feedback to help ensure a stable iOS launch in September. 

If you’re sold on all the new features but don’t want to put your faithful MacBook through developer beta duty, a public beta offers a much more refined experience. To install macOS 27’s public beta, follow the steps given below. 

Read more
Microsoft is finally fixing the worst thing about Windows Search, but you can’t try it just yet
Windows Insiders in the Experimental channel are getting a Search experience that finally feels less of a billboard and more of what users actually need.
Page, Text, Person

Windows Search has been a mess for years, and I do not use that word lightly. Open it to find a file, and you get trending Bing topics, Microsoft Store promotions, and an AI tools tile that just opens a browser. 

That is changing, but not immediately for all users. Microsoft is rolling out a batch of Windows Search improvements to Insiders in the Experimental channel, and for once, this isn't just a fresh coat of paint.

Read more
Apple doesn’t want to share this AirPods feature with Meta, but the EU may force its hand
Spring 2027, EU only, built under DMA pressure.
The front of the Ray-Ban Meta smartglasses.

I’ve been an AirPods user for the last four years, and one of the things that makes it genuinely hard to leave behind is the seamless, almost magical pairing experience across devices. Open an AirPods case near your iPhone, and a pop-up appears within seconds. Switch to your Mac and the audio follows. 

However, the experience is limited only to Apple devices. Doesn’t matter whether you have one of the coolest pieces of tech on the market right now; if it’s not Apple, it won’t get the same treatment. However, that might change for the Meta Quest or the Ray-Ban Meta glasses, thanks to pressure from the EU. 

Read more