However, because of the number of vulnerabilities, it is expected to take hours or days to figure out if they vulnerabilities are all real, what has and hasn't been patched, and of the newly discovered issues, which need the most urgent attention. Developing and releasing the actual patches could take weeks or even months.
All three companies were wading through the files, sources said, though none yet has offered up a public comment. Google may end up with the biggest headaches given the fact that so many Android devices are stuck on older versions of the operating system, so millions of devices could be vulnerable even to already plugged holes.
Why this matters: If real, all these exploits are now in the hands of every hacker in the world, rather than just the CIA.
