FBI Gave First Security Disclosure Under 'Vulnerability Equities Process' to Apple on April 14

Discussion in 'Politics, Religion, Social Issues' started by MacRumors, Apr 26, 2016.

  1. MacRumors macrumors bot

    Joined:
    Apr 12, 2001
    #1
    On April 14, the FBI informed Apple of a security flaw in older versions of iOS and OS X, its first vulnerability disclosure to Apple under the Vulnerability Equities Process, reports Reuters, citing information obtained directly from the Cupertino company.

    The Vulnerability Equities Process allows federal agencies to determine whether critical security flaws should be kept private for law enforcement use or disclosed to companies to allow them to patch major vulnerabilities.

    The security flaw the FBI shared with Apple pertained to older versions of the iPhone and Mac and it was fixed with the release of iOS 9 and OS X El Capitan. It was not the vulnerability that was exploited to break into the iPhone 5c used by San Bernardino shooter Syed Farook, which remains under wraps.

    Apple says 80 percent of iPhones run a safe version of iOS and are not vulnerable to the security flaw shared by the FBI. Apple told Reuters it does not have plans to issue a patch for the older, vulnerable software.

    According to Reuters, the FBI was motivated to provide Apple with information on an older vulnerability following a report suggesting it would not use the Vulnerability Equities Process to provide Apple with the method used to hack the San Bernardino iPhone.

    Earlier today, a report from The Wall Street Journal suggested the FBI has decided not to disclose the vulnerability used to access the San Bernardino iPhone. FBI Director James Comey has insinuated the FBI cannot provide details on the hacking method used on the iPhone because the security flaw exploited is owned by a private company.

    Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

     
  2. garirry macrumors 68000

    Joined:
    Apr 27, 2013
    Location:
    Canada is my city
    #2
    What kind of stupid game are they playing? Why would they need to tell Apple this? It just increases the chances for a fix to happen!
     
  3. MyMacintosh macrumors regular

    Joined:
    Aug 10, 2012
    #3
    This is like beating up someone, and then being "nice enough" to let them know their shoes are untied
     
  4. Crosscreek macrumors 68030

    Joined:
    Nov 19, 2013
    Location:
    Margarittaville
    #4
    If it is owned by a private company they can market it to whomever they want. Not Good.
     
  5. doelcm82 macrumors 68040

    Joined:
    Feb 11, 2012
    Location:
    Florida, USA
    #5
    I heard this company can also hack into a 1996 Geo Tracker. But I'm not too worried about it.
     
  6. Westside guy macrumors 601

    Joined:
    Oct 15, 2003
    Location:
    The soggy side of the Pacific NW
    #6
    I'm not sure what the value is in sharing a vulnerability that only affects older versions of iOS, since they won't be patched.
     
  7. btrach144 macrumors 65816

    Joined:
    Aug 28, 2015
    #7
    I personally update my own and my wife's electronics day 1 but I'm more relaxed with my parents. Time to get serious about them as well.
     
  8. peterh988 macrumors 6502

    Joined:
    Jun 5, 2011
    #8
    FBI "Hey Apple, did you know Darth Vader is Luke's father?"

    Apple "Erm, OK, thanks, FBI"

    (Apologies if that's a spoiler for anyone! :) )
     
  9. Robert.Walter macrumors 65816

    Joined:
    Jul 10, 2012
    #9
    >offering a tip that benefits less than 10% of Apple's installed base, a flaw that Apple itself has declined to bother patching.

    >>nothing of value was provided.

    >>>only political cover was sought.

    I can imagine the conversation that led to this: "we're taking a shellacking in the court of public opinion for our All Writs Act exploit. Maybe we should offer up the most useless vulnerability we know of to show our disclosure "process" is real." Much LoL-Ing in the FBI conference room then ensued.
     
  10. thisisnotmyname macrumors 65816

    Joined:
    Oct 22, 2014
    Location:
    known but velocity indeterminate
    #10
    "We don't need this old security flaw in a previous version of your software so here, let us tell you about it." Thanks guys!
     
  11. Tech198 macrumors G4

    Joined:
    Mar 21, 2011
    Location:
    Australia, Perth
    #11
    Under what reason would any flaw be considered an "option" to keep private... ?
     
