FBI Gave First Security Disclosure Under 'Vulnerability Equities Process' to Apple on April 14

by

iphone_4s_2015-250x300On April 14, the FBI informed Apple of a security flaw in older versions of iOS and OS X, its first vulnerability disclosure to Apple under the Vulnerability Equities Process, reports Reuters, citing information obtained directly from the Cupertino company.

The Vulnerability Equities Process allows federal agencies to determine whether critical security flaws should be kept private for law enforcement use or disclosed to companies to allow them to patch major vulnerabilities.

The security flaw the FBI shared with Apple pertained to older versions of the iPhone and Mac and it was fixed with the release of iOS 9 and OS X El Capitan. It was not the vulnerability that was exploited to break into the iPhone 5c used by San Bernardino shooter Syed Farook, which remains under wraps.

Apple says 80 percent of iPhones run a safe version of iOS and are not vulnerable to the security flaw shared by the FBI. Apple told Reuters it does not have plans to issue a patch for the older, vulnerable software.

According to Reuters, the FBI was motivated to provide Apple with information on an older vulnerability following a report suggesting it would not use the Vulnerability Equities Process to provide Apple with the method used to hack the San Bernardino iPhone.

The day after that report, the FBI offered information about the older vulnerabilities to Apple. The move may have been an effort to show that it can and does use the White House process and disclose hacking methods when it can.

The flaw the FBI disclosed to Apple this month did nothing to change the company's perception that the White House process is less effective than has been claimed, said an Apple executive who declined to be named.

Earlier today, a report from The Wall Street Journal suggested the FBI has decided not to disclose the vulnerability used to access the San Bernardino iPhone. FBI Director James Comey has insinuated the FBI cannot provide details on the hacking method used on the iPhone because the security flaw exploited is owned by a private company.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Top Rated Comments

(View all)
Avatar
54 months ago
This is like beating up someone, and then being "nice enough" to let them know their shoes are untied
Score: 3 Votes (Like | Disagree)
Avatar
54 months ago
I heard this company can also hack into a 1996 Geo Tracker. But I'm not too worried about it.
Score: 1 Votes (Like | Disagree)
Avatar
54 months ago
>offering a tip that benefits less than 10% of Apple's installed base, a flaw that Apple itself has declined to bother patching.

>>nothing of value was provided.

>>>only political cover was sought.

I can imagine the conversation that led to this: "we're taking a shellacking in the court of public opinion for our All Writs Act exploit. Maybe we should offer up the most useless vulnerability we know of to show our disclosure "process" is real." Much LoL-Ing in the FBI conference room then ensued.
Score: 1 Votes (Like | Disagree)

Top Stories

Leaker Shares Details on 'iPhone 13' Camera [Updated]

Wednesday May 27, 2020 4:27 pm PDT by
The next-generation iPhone 12 lineup coming in fall 2020 isn't out yet, but Fudge (@choco_bit), a leaker who sometimes shares information on upcoming Apple devices, today offered up details on what Apple has in store for the 2021 iPhone 13's camera setup. A simple design drawing depicts a device with a four camera array, which Fudge claims will have the following features: 64-megapixel...

Apple Begins Selling Refurbished iPhone XR Models

Thursday May 28, 2020 9:50 pm PDT by
Apple today began selling certified refurbished iPhone XR models in select colors and capacities for the first time in the United States. Refurbished iPhone XR models are priced at a roughly 16 percent discount compared to current pricing on brand-new units, knocking $100–120 off of the regular price. In addition to the 64GB and 128GB capacities matching current brand-new iPhone XR models, ...

Powerbeats Pro Debut in Four New Colors: Spring Yellow, Cloud Pink, Lava Red, and Glacier Blue

Friday May 29, 2020 10:00 am PDT by
Following a couple of leaks in recent weeks, Beats today is officially announcing four new colors for its Powerbeats Pro wireless earphones: Spring Yellow, Cloud Pink, Lava Red, and Glacier Blue. The new earphones will go on sale June 9 and sell for the same $249.95 price as the existing color options. Aside from the colors, the new Powerbeats Pro models are otherwise identical to the...

Apple Making It Harder to Avoid Nagging macOS Update Notifications

Thursday May 28, 2020 8:13 am PDT by
With the release of macOS Catalina 10.15.5 and related security updates for macOS Mojave and High Sierra earlier this week, Apple is making it more difficult for users to ignore available software updates and remain on their current operating system versions. Included in the release notes for macOS Catalina 10.15.5 is the following:- Major new releases of macOS are no longer hidden when...

8 Mac Tips and Tricks You Might Not Know

Friday May 29, 2020 12:36 pm PDT by
There are tons of hidden features and shortcuts for Macs that Apple has built into macOS over the years, ranging from shortcuts to keyboard commands to other little hacks to make Mac usage just a bit simpler. In our latest YouTube video, we highlighted several of these tips and tricks, and some of them might just be new to you. Subscribe to the MacRumors YouTube channel for more videos. Tr...

Apple Releases macOS Catalina 10.15.5 With Battery Health Management Features, Fix for Finder Freezing

Tuesday May 26, 2020 1:59 pm PDT by
Apple today released macOS Catalina 10.15.5, the fifth update to the macOS Catalina operating system that was released in October 2019. macOS Catalina 10.15.5 comes two months after the launch of macOS Catalina 10.15.4, which introduced Screen Time Communication Limits. macOS Catalina 10.15.5 is a free update that can be downloaded from the Mac App Store using the Update feature in the...

Top Stories: macOS 10.15.5, New Powerbeats Pro Colors, iPhone 12 and 13 Rumors, and More

Saturday May 30, 2020 6:00 am PDT by
This week saw an interesting mix of news and rumors on the Apple front, led by the release of macOS 10.15.5, which brings a new battery health feature to newer Mac notebooks, while we also saw the official announcement of new colors for the Powerbeats Pro earphones. On the rumor front, we heard a few tidbits about not just this year's iPhone 12 but also next year's iPhone, while we saw...

More Photos and Video of Apple's Redesigned Leather Loop Watch Band Surface

Thursday May 28, 2020 10:50 am PDT by
Images of a new version of the Leather Loop that Apple appears to have in development surfaced yesterday, and today, Vietnamese site Tinhte.vn has shared additional photos and videos that give us a clearer picture of what to expect from the new band. The bands come in colors that include red, hot pink, blue, black, and brown, with some of the bands featuring different colored accents at the...

Philips Hue Play HDMI Sync Box Gains HDR10+ and Dolby Vision Support, Plus Siri Voice Control

Thursday May 28, 2020 12:00 am PDT by
The Philips Hue Play HDMI Sync Box is receiving a major update today, introducing much-desired features like HDR10+ and Dolby Vision support. Designed by Signify as part of the Philip Hue line of lights and accessories, the Hue Play HDMI Sync Box is designed to let Hue users sync their lights to their home entertainment systems. One of the major complaints about the Hue Play HDMI Sync Box ...

APFS Bug in macOS 10.15.5 Catalina Impacts the Creation of Bootable Backups

Thursday May 28, 2020 3:47 am PDT by
An Apple File System bug has been discovered in macOS 10.15.5 Catalina that can prevent users from making a bootable clone of their system drive, according to the creator of Carbon Copy Cloner. In a blog post on Wednesday, software developer Mike Bombich explained that the CCC team had uncovered the issue in the Apple File System, or APFS, when attempting to create a bootable backup in a...