- Apr 12, 2001
The Vulnerability Equities Process allows federal agencies to determine whether critical security flaws should be kept private for law enforcement use or disclosed to companies to allow them to patch major vulnerabilities.
The security flaw the FBI shared with Apple pertained to older versions of the iPhone and Mac and it was fixed with the release of iOS 9 and OS X El Capitan. It was not the vulnerability that was exploited to break into the iPhone 5c used by San Bernardino shooter Syed Farook, which remains under wraps.
Apple says 80 percent of iPhones run a safe version of iOS and are not vulnerable to the security flaw shared by the FBI. Apple told Reuters it does not have plans to issue a patch for the older, vulnerable software.
According to Reuters, the FBI was motivated to provide Apple with information on an older vulnerability following a report suggesting it would not use the Vulnerability Equities Process to provide Apple with the method used to hack the San Bernardino iPhone.
Earlier today, a report from The Wall Street Journal suggested the FBI has decided not to disclose the vulnerability used to access the San Bernardino iPhone. FBI Director James Comey has insinuated the FBI cannot provide details on the hacking method used on the iPhone because the security flaw exploited is owned by a private company.The day after that report, the FBI offered information about the older vulnerabilities to Apple. The move may have been an effort to show that it can and does use the White House process and disclose hacking methods when it can.
The flaw the FBI disclosed to Apple this month did nothing to change the company's perception that the White House process is less effective than has been claimed, said an Apple executive who declined to be named.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Article Link: FBI Gave First Security Disclosure Under 'Vulnerability Equities Process' to Apple on April 14