FBI's first vulnerability tip to Apple came on April 14 for already-patched flaw
Mikey Campbell
Apple on Tuesday said the FBI divulged its first vulnerability tip under a White House process for sharing digital security flaws with private corporations on April 14, but the information was useless as Apple had already patched the issue nine months earlier.
According to Apple, which relayed the development to Reuters, FBI officials said the Vulnerabilities Equities Process was to thank for the disclosure of a flaw affecting older iOS and OS X operating systems.
A procedure designed to foster high-level inter-agency discussion, the Vulnerabilities Equities Process covers the decision making process behind airing digital security flaws to manufacturers. In particular, the system attempts to balance public safety and government surveillance assets; security holes revealed to manufacturers are likely to be patched, while those kept secret can be used in ongoing surveillance operations.
Earlier this month, sources within the Obama administration told Reuters that Apple was unlikely to learn of a successful exploit used to access an iPhone tied to San Bernardino terror suspect Syed Rizwan Farook. As it pertains to San Bernardino, the FBI's exploit cannot be debated under the White House process without consent from its owner, which depending on the source varies from an overseas security firm to a shadowy group of gray-hat hackers.
Despite the FBI's gesture, Apple believes VEP is less effective than government claims, according to an unnamed Apple executive. Elaborating on the matter, the person said Apple was aware of the provided vulnerability more than nine months ago and released a fix in iOS 9 and Mac OS X El Capitan, making the "tip" virtually useless to the company.
Wesley Hilliard
Andrew Orr
Amber Neely
William Gallagher
