Skip to main content

Most Android exploits mentioned in the Wikileaks dump have been patched

google android wikileaks patch
Julian Chokkattu/Digital Trends
If you have an Android phone and this week’s revelations about the CIA’s hacking capabilities have you worried, you needn’t be. On Thursday, Google told members of the press that many of the exploits and vulnerabilities mentioned in the report have been patched in subsequent versions of Android.

“As we’ve reviewed the documents, we’re confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities,” Heather Adkins, Google’s director of information security and privacy, told ZDNet. “Our analysis is ongoing and we will implement any further necessary protections. We’ve always made security a top priority and we continue to invest in our defenses.”

Earlier this week, Wikileaks orchestrated a dump of more than 8,000 classified CIA files pertaining to agency’s cyber warfare efforts. Among the many documents were spreadsheets of stockpiled exploits for Microsoft’s Windows operating system, Apple’s MacOS, iOS, and Android. Vulnerabilities that weren’t purchased from contractors, discovered internally, or available publicly appear to have been circulated by GCHQ, the U.K.’s electronics surveillance agency, and the U.S. National Security Administration

Roughly 24 Android vulnerabilities referenced in the leak, along with specific phones like Google Nexus and Samsung models like the Galaxy S5 and the Note 3. Forbes points out that there are at least 10 remote code execution bugs, critical weaknesses that allow a hacker to run malicious code over the internet. EggsMayhem, an attack developed by the NSA and GCHQ, targets the Chrome browser. An exploit called Sulfur forces Android to leak critical operating system information. And RoidRage malware allows remote control over Android devices.

But the situation is less dire than headlines suggest. Michael Shaulov, head of mobile security at Check Point, told Forbes that there didn’t seem to be evidence of exploits affecting versions after Android 4.4 or the latest version of Android, Android 7 Nougat.

Separately, an analysis by Android development forum XDA Developers found that many of the security holes mentioned in the report relate to older Android hardware and software that is no longer being sold or supported. It noted that at least three of the vulnerabilities referenced in the leaks affect Android 4.3 and below, which is present on only 13.3 percent of Android devices.

Android exploits aren’t the only tools at the CIA’s disposal, of course. The agency has reportedly broken the security of popular chat apps like WhatsApp, Signal, Telegram, Weibo, and others by intercepting messages and photos before they could be encrypted. And the scope of the hack extends far beyond smartphones. The documents made reference to smart TVs and connected cars, many of which remain unpatched.

Apparently, however, Apple devices aren’t at risk. This week, Apple told members of the press that the latest version of iOS contained fixes for the vulnerabilities mentioned in the leak.

Editors' Recommendations

Kyle Wiggers
Former Digital Trends Contributor
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…
Another big sale is happening at the same time as Prime Day
A variety of electronic devices in open boxes.

Target just revealed that Target Circle Week will run from July 9 to July 15, overlapping with Amazon's Prime Day that's scheduled for July 11 to July 12.

The big sale event will be open to members of the retailer's Target Circle loyalty program, who will be able to receive discounts of up to 50% for certain items. If you're not yet a member, don't worry -- you can join at any time, and membership is free. Once you've signed up, you'll be able to earn 1% from every purchase to redeem at a later time, access exclusive deals, and get 5% off for your birthday, among other benefits.

Read more
The best free parental control software for PC, Mac, iOS, and Android
Man using computer.

Everything in this world has gone digital, and that includes homework (if you have kids). If your children are young, you’re probably not giving them laptops or free rein of the family computer yet. You’re also probably not always able to monitor their screen activity, either.

That’s where parental control software comes in handy. Such software helps keep your kids safe from the dark web, and there are usually free options available for all operating systems. Keep reading to find out more.
Built-in OS features
Giving your kids technology designed for their age group is an excellent first step toward keeping them safe online. When they have access to more general computing devices, you can leverage parental control features built right into the operating system. The parental controls for both Windows and macOS provide a convenient and acceptable means for restricting web access and chat functionality, and give parents the ability to view detailed logs and monitor email exchanges.
Microsoft Family Safety

Read more
How to deactivate your Instagram account (or delete it)
Instagram login screen.

If you’re getting a bit tired of Instagram, you might want to consider deactivating your account. With Instagram, you have two choices: You can learn how to deactivate your account, or you can delete it completely. We’ll review both options, so you can decide if you’d rather take a break or cut ties with Instagram forever. Just be cautious, as deleting your Instagram account removes all of your content permanently, and you won’t be able to get it back.

Read more