The FBI has decided it will not divulge the details of how it successfully hacked into the San Bernardino iPhone to Apple, having found a method at the last-minute just hours before going to court in late March. However, in an attempt to appear helpful and cooperative, the FBI gave Apple its first security tipoff under the Vulnerability Equities Process this month.
Reuters reports the FBI informed Apple of a security flaw affecting iOS and Mac software on April 14th, as part of a process that balances the needs of law enforcement to hack devices and the needs of manufacturers to patch found flaws before criminals can use them …
Try Amazon Prime 30-Day Free Trial
In this case, the disclosure was effectively useless as it related to older iOS and Mac software versions, with the issue already being patched in iOS 9 and OS X El Capitan. Apple says this is the first time FBI has given such information over to the company.
Reuters speculates the FBI gave its first ever security tip off to fend off critics who are frustrated that it will not disclose the details of the San Bernardino hack and is generally cooperative with policy and manufacturers about found vulnerabilities.
Apple says the flaw the FBI disclosed does not change the company’s perception that the White House Vulnerability Equities Process is less effective than has been claimed:
Reuters reported earlier this month that the FBI believed it did not have legal ownership of the necessary information and techniques for breaking into the iPhone so would not be able to bring it to the White House for review under the equities process.
The day after that report, the FBI offered information about the older vulnerabilities to Apple. The move may have been an effort to show that it can and does use the White House process and disclose hacking methods when it can.
The flaw the FBI disclosed to Apple this month did nothing to change the company’s perception that the White House process is less effective than has been claimed, said an Apple executive who declined to be named.
Apple does not plan to send out a patch for the security issue affecting older OS versions. As always, if users want to stay abreast of the latest security improvements, they should update to the latest iOS and OS X versions, iOS 9 and El Capitan. According to Apple’s official numbers, 84% of active users are running iOS 9 or later.