Apple says FBI gave it first vulnerability tip on April 14
Reuters/Arnd Wiegmann
The FBI informed Apple Inc of a vulnerability in its iPhone and Mac software on April 14, the first time it had told the company about a flaw in Apple products under a controversial White House process for sharing such information, the company told Reuters on Tuesday.
The FBI told the company that the disclosure resulted from the so-called Vulnerability Equities Process for deciding what to do with information about security holes, Apple said.
The process, which has been in place in its current form since 2014, is meant to balance law enforcement and U.S. intelligence desires to hack into devices with the need to warn manufacturers so that they can patch holes before criminals and other hackers take advantage of them.
The vulnerability that was disclosed to Apple involved older versions of the iPhone and the Mac, Apple said.
The issue of how U.S. government agencies decide to share information about vulnerabilities in computer and telecom products has received renewed scrutiny since the FBI announced last month that it had found a way to break into the iPhone of one of the shooters in December's massacre in San Bernardino, California.
Reuters reported earlier this month that the FBI believed it did not have legal ownership of the necessary information and techniques for breaking into the iPhone so would not be able to bring it to the White House for review under the equities process.
The day after that report, the FBI offered information about the older vulnerabilities to Apple. The move may have been an effort to show that it can and does use the White House process and disclose hacking methods when it can.
The flaw the FBI disclosed to Apple this month did nothing to change the company's perception that the White House process is less effective than has been claimed, said an Apple executive who declined to be named.
Though he declined to provide technical details, the executive said the problem had been fixed by the company nine months ago, with the release of iOS9 for phones and Mac OS C El Capitan.
About 80 percent of iPhones are on a safe version of the operating system, and Apple said it does not plan to issue a patch for the older software.
(Reporting by Joseph Menn; Editing by Jonathan Weber and Cynthia Osterman)
When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.