Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

FBI's first vulnerability tip to Apple came on April 14 for already-patched flaw

Last updated

Apple on Tuesday said the FBI divulged its first vulnerability tip under a White House process for sharing digital security flaws with private corporations on April 14, but the information was useless as Apple had already patched the issue nine months earlier.

According to Apple, which relayed the development to Reuters, FBI officials said the Vulnerabilities Equities Process was to thank for the disclosure of a flaw affecting older iOS and OS X operating systems.

A procedure designed to foster high-level inter-agency discussion, the Vulnerabilities Equities Process covers the decision making process behind airing digital security flaws to manufacturers. In particular, the system attempts to balance public safety and government surveillance assets; security holes revealed to manufacturers are likely to be patched, while those kept secret can be used in ongoing surveillance operations.

Earlier this month, sources within the Obama administration told Reuters that Apple was unlikely to learn of a successful exploit used to access an iPhone tied to San Bernardino terror suspect Syed Rizwan Farook. As it pertains to San Bernardino, the FBI's exploit cannot be debated under the White House process without consent from its owner, which depending on the source varies from an overseas security firm to a shadowy group of gray-hat hackers.

Despite the FBI's gesture, Apple believes VEP is less effective than government claims, according to an unnamed Apple executive. Elaborating on the matter, the person said Apple was aware of the provided vulnerability more than nine months ago and released a fix in iOS 9 and Mac OS X El Capitan, making the "tip" virtually useless to the company.



10 Comments

rob53 13 Years · 3312 comments

Does this surprise anyone? Who is Comey's supervisor? That person needs to have a good talk with Comey and the rest of the FBI about how to properly do their jobs. If I tried this kind of stupidity at my job, I either would have been fired of demoted. We had annual performance appraisals, I'd really like to see Comey's after this fiasco. There's no way he should keep his job.

foggyhill 10 Years · 4767 comments

That's what I always said, the exploit had already been patched.
In case some unpatched exploit exists on any Iphone, keep your password at least 6 letter alpha,
then it won't really matter anyway.

apple head 9 Years · 85 comments

Does anyone know the difference between the different types of hackers? I mean I've heard of white hat hackers, grey hat hackers, and I THINK I heard black hat hackers before. What's the difference?

UroshnorOrSafeword? 8 Years · 9 comments

Does anyone know the difference between the different types of hackers? I mean I've heard of white hat hackers, grey hat hackers, and I THINK I heard black hat hackers before. What's the difference?
In practice not too much - its just a way of trying to ascribe motivation for good or evil.

Black hats use the tools and techniques they develop to break into things for illegal purposes, typically fraud, and theft. They get paid either to attack, or profit off what they steal. They may sell tools and techniques to the highest bidder regardless off what they might use it for.

White Hats use them to help people and companies secure their systems or fix vulnerabilities. They get paid to help people defend. I don't think anyone makes a living off bug bounties. Charlie Miller or Dino Dal Zovi would be a good example of a white hat in the iOS space.

Grey hats, funnily enough , sit somewhere in the middle, either playing both sides , or selling exploits to third parties who may or may not then on-sell them to bad actors. Amoral may be the best descriptor.

The labels don't really matter that much, as someone could be one hat one, day, and a different hat the next.

rezwits 17 Years · 856 comments

I told you :D, the FBI is a bunch of Windows using Apple haters!!!