Apple on Tuesday said the FBI divulged its first vulnerability tip under a White House process for sharing digital security flaws with private corporations on April 14, but the information was useless as Apple had already patched the issue nine months earlier.
According to Apple, which relayed the development to Reuters, FBI officials said the Vulnerabilities Equities Process was to thank for the disclosure of a flaw affecting older iOS and OS X operating systems.
A procedure designed to foster high-level inter-agency discussion, the Vulnerabilities Equities Process covers the decision making process behind airing digital security flaws to manufacturers. In particular, the system attempts to balance public safety and government surveillance assets; security holes revealed to manufacturers are likely to be patched, while those kept secret can be used in ongoing surveillance operations.
Earlier this month, sources within the Obama administration told Reuters that Apple was unlikely to learn of a successful exploit used to access an iPhone tied to San Bernardino terror suspect Syed Rizwan Farook. As it pertains to San Bernardino, the FBI's exploit cannot be debated under the White House process without consent from its owner, which depending on the source varies from an overseas security firm to a shadowy group of gray-hat hackers.
Despite the FBI's gesture, Apple believes VEP is less effective than government claims, according to an unnamed Apple executive. Elaborating on the matter, the person said Apple was aware of the provided vulnerability more than nine months ago and released a fix in iOS 9 and Mac OS X El Capitan, making the "tip" virtually useless to the company.
10 Comments
Does this surprise anyone? Who is Comey's supervisor? That person needs to have a good talk with Comey and the rest of the FBI about how to properly do their jobs. If I tried this kind of stupidity at my job, I either would have been fired of demoted. We had annual performance appraisals, I'd really like to see Comey's after this fiasco. There's no way he should keep his job.
That's what I always said, the exploit had already been patched.
In case some unpatched exploit exists on any Iphone, keep your password at least 6 letter alpha,
then it won't really matter anyway.
Does anyone know the difference between the different types of hackers? I mean I've heard of white hat hackers, grey hat hackers, and I THINK I heard black hat hackers before. What's the difference?
I told you :D, the FBI is a bunch of Windows using Apple haters!!!