Apple, Google, Microsoft, Samsung and many other companies quickly responded to the leak of CIA documents containing detailed descriptions of hacking tools and dozens of 0-day vulnerabilities in some of the most popular programs and devices. Among the first to report, last night, that they had fixed a bug mentioned in WikiLeaks' Vault 7 document package were the creators of the hugely popular text editor Notepad++, which the CIA used by replacing a DLL. The editor highlights the syntax of programming languages, can check spelling in several languages simultaneously, and is very popular among developers and users. The Vault 7 documents describe the replacement of a DLL in Notepad++. More precisely, one of the creators or testers of the exploit complains about a small problem in the operation of an already finished exploit.
The WikiLeaks document describes precisely how Notepad++ loads Scintilla, a code-editing component, from the dynamic library SciLexer.dll, which is used by the executable. The library exports only one function, named Scintilla_DirectFunction.
The specialist cites the open source code of Notepad++ to determine the prototype of the exported function:
sptr_t __stdcall Scintilla_DirectFunction (ScintillaWin * sci, UINT iMessage, uptr_t wParam, sptr_t lParam)
The creator of the eavesdropping code complains that he cannot call this function, although additional plugins use it to work directly with Scintilla. At the same time he adds that the ordinary remote replacement of the SciLexer.dll library works well, and hopes that his colleagues will iron out the problem.
Literally the day after the secret documents appeared, the creators of Notepad++ released Notepad++ 7.3.3, in which the problem is solved: the original SciLexer.dll can no longer be replaced with a file of the same name, made by the CIA, that collects data in the background. The fix is radical. In Notepad++ 7.3.3 and later, the editor checks the certificate of the SciLexer.dll library before loading it. If the certificate is absent or invalid, the editor does not run.
Some websites have suggested that it is not a bad idea to take SciLexer.dll from Notepad++ 7.3.3 and use it to overwrite the older and presumably compromised version of the file in the Notepad++ directory. This is handy if for some reason the user prefers to use an older version of Notepad++. The Notepad++ programmers compare this protection to placing a combination lock on the front door: it cannot protect you from people who really want to break into your home, but it provides sufficient protection when you are away or busy with something else.
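The same kind of certificate check can be run from outside the editor. The PowerShell below is an added example, not code from Notepad++ or from the leaked documents; the install path, the function name Test-AdjacentDllSignature and the idea of comparing the DLL's signer with the executable's signer are assumptions made here. It goes slightly beyond the SciLexer.dll case by accepting any file name pattern, since most of the programs listed further down were targeted the same way.

```powershell
# Added example (not Notepad++ code): audit DLLs that sit next to an executable.
function Test-AdjacentDllSignature {
    [CmdletBinding()]
    param(
        # Assumed install location; pass the directory that applies to you.
        [string]$Directory = (Join-Path $env:ProgramFiles 'Notepad++'),
        [string]$Executable = 'notepad++.exe',
        # File name patterns to check; use '*.dll' to cover every DLL in the directory.
        [string[]]$DllPattern = @('SciLexer.dll')
    )

    # Signer of the main executable, used as the reference identity (a heuristic:
    # third-party plugins are legitimately signed by someone else, or not at all).
    $exeSig = Get-AuthenticodeSignature -LiteralPath (Join-Path $Directory $Executable)
    $exeThumb = $null
    if ($exeSig.SignerCertificate) { $exeThumb = $exeSig.SignerCertificate.Thumbprint }

    foreach ($pattern in $DllPattern) {
        Get-ChildItem -Path (Join-Path $Directory $pattern) -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                # Status is Valid, NotSigned, HashMismatch, NotTrusted, ...
                $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
                $cert = $sig.SignerCertificate
                $sameSigner = ($null -ne $cert) -and ($null -ne $exeThumb) -and
                              ($cert.Thumbprint -eq $exeThumb)
                [pscustomobject]@{
                    File            = $_.Name
                    Status          = $sig.Status
                    Signer          = if ($cert) { $cert.Subject } else { $null }
                    SameSignerAsExe = $sameSigner
                    LastWriteTime   = $_.LastWriteTime
                    # Flag anything unsigned, tampered with, or signed by a different party.
                    NeedsReview     = ($sig.Status -ne 'Valid') -or (-not $sameSigner)
                }
            }
    }
}

Test-AdjacentDllSignature | Format-Table -AutoSize
```

Because the check described above is performed by the editor itself, an older editor with a newer SciLexer.dll copied in still verifies nothing at load time; an external audit like this one is how such an installation can be checked.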
Other popular programs. Notepad++ is part of operation Fine Dining, under which the CIA produced exploits for various popular programs. The Fine Dining list includes exploits or listening modules for 24 software products. Most of them rely on replacing a DLL.
Here is the list itself, which will probably surprise many people:
- VLC Player Portable
- Irfan View
- Chrome Portable
- Opera Portable
- Firefox Portable
- ClamWin Portable
- Kaspersky TDSS Killer Portable
- McAfee Stinger Portable
- Sophos Virus Removal
- Thunderbird Portable
- Opera Mail
- Foxit Reader
- Libre Office Portable
- Prezi
- Babel Pad
- Notepad++
- Skype
- Iperius Backup
- Sandisk Secure Access
- U3 Software
- 2048
- LBreakout2
- 7-Zip Portable
- Portable Linux CMD Prompt
Naturally, the CIA has much more sophisticated exploits, such as injecting a rootkit into the operating system kernel, infecting the BIOS, and so on. But this example shows that the intelligence service has not given up on simpler and less technological methods, such as replacing a DLL. It is assumed that these very simple exploits were created by trainees or at some external request. Everyone understands that complete protection against government surveillance is not possible, since a state has very large resources. But if it is within one's power to close a vulnerability, it is better to do so, even if it seems useless. In any case, other software companies have also announced that they have taken measures against the vulnerabilities and specialized hacking tools published by WikiLeaks. Apple said that many of the vulnerabilities listed in Vault 7 have become obsolete and are not present in the latest version of iOS. Obviously, other vulnerabilities will be patched in subsequent updates. Microsoft commented on Vault 7 as follows: "We have seen the documents and are currently studying them."
Samsung, whose F8000 family of smart TVs the CIA hacked, said: "We are familiar with the report and are urgently studying the matter."
Google expressed confidence that the latest security updates for Chrome and Android will protect consumers from the vulnerabilities in the documents. "Our analysis continues and we are taking the necessary measures."
A few hours ago it was reported that Julian Assange has said that large technology companies will get exclusive access to the CIA exploits shortly before WikiLeaks publishes them to the general public.