Skip to main content

WikiLeaks won’t publish zero-day exploit details until developers can fix them

wikileads hits snags in working with companies on fixing cia hacks julian assange wikileaks v2
Cancillería del Ecuador/Flickr
WikiLeaks made history this week by releasing the largest trove of confidential CIA documents ever, including over 7,818 web pages, 943 attachments, and hundreds of millions of lines of code. Called “Vault 7,” the collection included a slew of hacking and cyber espionage tools used by the CIA between 2013 and 2016.

Among the tools that were leaked are various malware, viruses, and remote control systems capable of infecting Windows, MacOS, Linux, Android, and iOS. WikiLeaks released general information about the tools, but it also possesses the details of a number of weaponized “zero-day” vulnerabilities — which the organization isn’t releasing just yet, as Krebs on Security reports.

Recommended Videos

Zero-day vulnerabilities are bugs that have opened software up to active exploits and about which the software’s developer is unaware. Google has its own Project Zero, which identifies zero-day vulnerabilities, notifies the developer, and then waits 90 days before it publishes the vulnerability — whether or not the developer has fixed it.

Please enable Javascript to view this content

WikiLeaks editor-in-chief Julian Assange has indicated that his organization won’t be following Project Zero’s lead. In a WikiLeaks press conference, Assange said, “After considering what we think is the best way to proceed, and hearing these calls from some of the manufacturers, we have decided to work with them to give them exclusive access to additional technical details we have, so that fixes can be developed and pushed out.”

Only when the vulnerabilities are patched will WikiLeaks publish the details. WikiLeaks posted a poll on Twitter, and the majority of respondents answered that the organization should work with technology companies on fixes. The next most popular response was, “No, they’re the problem.”

Tech companies are saying they need more details of CIA attack techniques to fix them faster. Should WikiLeaks work directly with them?

— WikiLeaks (@wikileaks) March 8, 2017

WikiLeaks didn’t provide any additional information on how it would be working with developers to ensure the zero-day vulnerabilities are fixed or on how long it expected the process to take. While the documentation that has already been leaked could lead to exploits, at least the details required to easily make use of these now-known vulnerabilities won’t be making it to the wild before patches can be created and provided to users.

Mark Coppock
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
I’ve experienced the next era of AI, and I’m never going back
Launching Gemini Deep Research query on Chrome desktop.

Ever since ChatGPT arrived on the scene, the hype around AI has only intensified. As talk of Artificial general intelligence (AGI) and “superintelligence” — yeah, OpenAI chief, Sam Altman, is now talking about that — heats up, we have another buzzword to deal with.

Say hello to Agentic AI. In simpler terms, AI agents that are supposed to automate a chunk of our digital chores. Think of Gems in the Google lexicon. Custom GPTs by OpenAI. Or Copilot Actions by Microsoft.

Read more
M4 Ultra: Everything we know about Apple’s mysterious Hidra chip
An official rendering of the Apple M4 chip.

Apple’s Mac engineers have been on a tear in recent years, with high-performance chips appearing at every turn. That’s led to a lot of fevered speculation about what Apple is planning next, with rumors running wild about a secretive chip codenamed “Hidra” that’s reportedly in the works.

If you’ve been wondering what to expect from the Hidra chip and want to make sense of all the rumors, you’re in the right place. We’ve combed the internet for all the latest ideas and collated them here, so you can find out everything you need to know about Apple’s upcoming superpowered chip. Read on to get in the know.
Which Macs will get the Hidra chip?

Read more
AMD just confirmed my fears about the RX 9000 series
Gigabyte's RX 9070 XT GPU.

Some thought that AMD's upcoming best graphics cards would be launching in a matter of days, but we now know that's not going to happen. According to David McAfee, vice president and general manager of AMD's Ryzen CPU and Radeon graphics division, the GPUs are doing great and will be widely available -- but not until March.

This delay is an interesting choice, given that some retailers were ready to open preorders on January 22. Multiple listings of the card from all over the world have been leaked at this point, and although we haven't seen almost any of its specifications, those listings implied that the cards were ready to go, or at least would soon be available.

Read more