It has been a couple of weeks since Wikileaks first dropped its Vault 7 leak, revealing plenty about the CIA's hacking and spying methods. Since then, tech companies have been scrambling to find the security holes so they can put out patches, and it seems that Wikileaks is going to help them in their efforts by providing exclusive access to the exploits used. However, the catch is that all exploits need to be fixed within 90 days.
Wikileaks is going to give tech firms access to the CIA's exploits before making them public. However, a commitment to fix exploits within 90 days will be required in order to gain access. Otherwise, Wikileaks will release the exploits to the world, which would in turn cause huge security issues for the companies involved.
After finally getting in touch with the likes of Apple, Microsoft and Google, Julian Assange promised access to the CIA's trove of exploits so that the companies involved can improve security before these exploits are made public.
As with Google's Project Zero, Assange is asking that the companies involved adhere to a 90-day deadline. However, it is unknown at this point whether these companies will be able to agree to work with Wikileaks, as the organisation is in possession of stolen documents. If Apple, Google and Microsoft receive access to these documents, then it could put them in a sticky situation legally.
Either way, it is currently believed that Wikileaks has hundreds of thousands of documents in its possession that it has yet to make public. Vault 7 was just the first of several CIA document dumps, so there will be more news to come out of this.
KitGuru Says: If Wikileaks is planning on making the CIA's iOS, Windows and Android exploits public anyway, then it seems that Microsoft, Apple and Google should try and get ahead of that by gaining access and issuing quick patches. However, the situation is likely causing some headaches for the lawyers involved.
As threatening as this is to those tech companies, especially when they have to balance the legality of the situation, it’s good that they’re putting their feet down to close these exploits. What’s also good is that, once they’re released, heuristics could probably detect similar future attacks in terms of the malware they created via similar code styles.
At this point though the CIA have probably already started a protocol to gather as much data as possible before it all gets fixed up.