Everyone is talking about WikiLeaks' massive CIA data dump - here's what's going on

Although WikiLeaks claims the CIA has exploits that can work on iPhones, the actual tools and code needed to implement those hacks was not included in the document release, according to Strafach and other security experts.

The documents do refer to iOS exploits — commonly called "zero days," or bugs that have not been publicly found before — but they tend to be threads and hints leading to a working exploit, instead of what's needed to verify the CIA's capabilities. And many of the exploits in the leaked files have already been found and squashed.

Apple declined to comment on the WikiLeaks files.

What WikiLeaks is claiming the CIA can do is scary: Basically, using expensive undiscovered bugs, it could take over a target's phone if it gets them to click on a link or another attack vector.

Using exploits, hackers can "make [a phone] appear to be off when it's really on, and enable your microphone, and be able to listen to conversations you're having with other people," exploit vendor and famous hacker Kevin Mitnick told Business Insider last month.

Strafach said that after perusing the WikiLeaks files, "If you are an average iOS user and you are worried about a malicious party downloading this leak and using information form it to hack your iOS device, you can rest easy."

"This is not possible from what has currently been released," he said.

Strafach said that much of the files seem to show tools that do "not appear to be incredibly 'production-ready'" and are experimental in nature. Many of the files released look like the work of a small team working on experimentation and R&D, and resemble how iPhone jailbreakers and small security companies put together research and internal wiki websites, he said.

"I can’t rule out that there is not a single live vulnerability at all mentioned, but I at least have been able to ascertain that this leak does not have anything which can pose a threat to an everyday user," he said.

WikiLeaks said that it removed code and other parts of its leaked data that could be used by hackers. But it has said that Tuesday's dump is only the first of many — it's possible that WikiLeaks is planning to publish exploit code in the future.

But that might end up being a good thing for iPhone and iPad users, because when an exploit becomes public, it gets patched by Apple and other big tech companies. Once it's patched, hackers and organizations like the CIA can't use them anymore.

Apple pays up to $500,000 for a working iOS exploit. Mitnick said the going rate for an iOS exploit can range up to $1,500,000.

If there are any exploits revealed by the WikiLeaks CIA files, it's possible that it just made millions of dollars of software useless. The CIA "have to use these [attacks] very carefully,” Marlinspike said to New York Magazine. “Every time they use one, there’s a chance it’ll be detected, which costs millions of dollars to them.”

For maximum security, you should update to the latest version of iOS on your iPhone or iPad in Settings > General > Software Update.