GCHQ Discloses Two OS X Vulnerabilities to Apple

This is good news:

Communications and Electronics Security Group (CESG), the information security arm of GCHQ, was credited with the discovery of two vulnerabilities that were patched by Apple last week.

The flaws could allow hackers to corrupt memory and cause a denial of service through a crafted app or execute arbitrary code in a privileged context.

The memory handling vulnerabilities (CVE-2016-1822 and CVE-2016-1829) affect OS X El Capitan v10.11 and later operating systems, according to Apple's 2016-003 security update. The memory corruption vulnerabilities allowed hackers to execute arbitrary code with kernel privileges.

There's still a lot that needs to be said about this equities process.

Posted on May 24, 2016 at 2:12 PM • 17 Comments

Comments

r • May 24, 2016 3:57 PM

@erik,

That's funny.

Could it also be a majority of politicians use Apple and thus it's irresponsible to hoard such vulnerabilities beyond a NOBUS point?

The Generation of Tech Warriors • May 24, 2016 5:01 PM

Yea, they may have revealed two vulnerabilities,
But I think they have 14 more.

I think this was the trade of 2 vulnerabilities, in return for some "good numbers" they can give to computer security/privacy advocates. They have some attractive numbers to give. I think this is a tactical maneuver to create hot numbers.

I think this is a tip of the iceberg.
I wonder how many more they have?

Grauhut • May 24, 2016 5:46 PM

If it was my job I would disclose vulns if I see in my network surveillance that they are not NOBUS anymore and the risk for the economy (that produces the taxes I make a living from) is bigger than the risks of losing a binary weapon.

In the end it's always game theory.

tyr • May 24, 2016 8:37 PM

@Grauhut

Game theory is easy. Those who cooperate win out in the long run; those who do not are always defeated.
Drone • May 24, 2016 9:21 PM

Hmmm... Isn't Apple's OS just BSD inside? This makes me wonder if there are underlying vulns in BSD we don't know about. If there are, don't expect Apple to say anything about it :-(

ebil people • May 24, 2016 10:13 PM

No, the moral of the story is: GCHQ doesn't need these bugs, they have other "better" ones... AND... they have evidence that "ebil people" are using these in the wild, so they figure they can make themselves look good by letting a couple of their lower value trophies go...

r • May 24, 2016 10:37 PM

@ebil,

They wouldn't publish them if the exploit was known by a small group, they'd publish if it was about to go (to the) underground/public.

Showing their hand prior to a larger group having access to it would publicize their access to a possessing group...

If anyone has had those exploits for a considerable amount of time consider yourself bugged. :)

ebil people • May 25, 2016 12:53 AM

@r so "the underground" isn't a small group, it's a huge group? I know it's relative, but most people will think relative to the whole world population, not relative to just the population of worldwide criminals or something...

Grauhut • May 25, 2016 3:31 AM

@Drone: " Isn't Apple's OS just BSD inside? This makes me wonder if there are underlying vulns in BSD we don't know about."

Apple OS = Apple Darwin Mach Kernel with partial BSD userland.
Memory corruption = Apple Darwin Mach kernel \= BSD Kernel.

Comrade Major • May 25, 2016 4:13 AM

So, Apple finally completed its trojan program for Mac computers?

I understand all these notebooks now have a hardware trojan in the processor. So, GCHQ+NSA just don't need "exploits" - they have a frontdoor.

de La Boetie • May 25, 2016 4:31 AM

There's been a spate of such announcements by GCHQ/CESG.

In my view it's primarily propaganda, attempting to hide the fact that there is no public/assured vulnerability equities process (whether followed or not).

GCHQ has the classic problem as the NSA has, that organisationally they have an irreducible conflict of mission between attack and defence, and defence has come out a very poor second.

So, the natural response is to trumpet token initiatives to pretend that they are taking it seriously.

r • May 25, 2016 10:09 AM

@ebil,

I have no idea, it could be out reached a hold time and had been replaced?

Ben • May 25, 2016 3:28 PM

It's an arms race - where they are competing not just against Apple, but also against the FSB and PLA (or whatever their cyber-cyber arms are called).

As long as they have sufficient in reserve, it's in their interest to see the number reduced to make it harder for the competition. If they have a large lead, and good intelligence, they may even be able to shut other state parties out altogether.

And that's without the publicity angle.

Jerry • May 25, 2016 4:59 PM

@Ben

No, since the US/UK are a lot more reliant on hi-tech than China and Russia... the US/UK are FAR FAR FAR more vulnerable to ALL SECURITY issues! It would be in their best interest to FIX THEM ALL FOR GOOD instead of encouraging more bugs and trying to hoard knowledge about them.... They're shooting themselves in the head, in this arms race!

Robert.Walter • May 27, 2016 10:07 AM

This revelation betrays something about the relationship between GCHQ and the FBI (that the FBI ain't getting the intel), or the FBI is sitting on info supplied by GCHQ.

Either way, bad for the security of citizens and for the business economy.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.