GCHQ Discloses Two OS X Vulnerabilities to Apple

This is good news:

Communications and Electronics Security Group (CESG), the information security arm of GCHQ, was credited with the discovery of two vulnerabilities that were patched by Apple last week.

The flaws could allow hackers to corrupt memory and cause a denial of service through a crafted app or execute arbitrary code in a privileged context.

The memory handling vulnerabilities (CVE-2016-1822 and CVE-2016-1829) affect OS X El Capitan v10.11 and later operating systems, according to Apple’s 2016-003 security update. The memory corruption vulnerabilities allowed hackers to execute arbitrary code with kernel privileges.

There’s still a lot that needs to be said about this equities process.

Posted on May 24, 2016 at 2:12 PM • 16 Comments

Comments

r May 24, 2016 3:57 PM

@erik,

That’s funny.

Could it also be a majority of politicians use Apple and thus it’s irresponsible to hoard such vulnerabilities beyond a NOBUS point?

The Generation of Tech Warriors May 24, 2016 5:01 PM

Yea, they may have revealed two vulnerabilities,
But I think they have 14 more.

I think this was the trade of 2 vulnerabilities, in return for some “good numbers” they can give to computer security/privacy advocates. They have some attractive numbers to give. I think this is a tactical maneuver to create hot numbers.

I think this is a tip of the iceberg.
I wonder how many more they have?

Grauhut May 24, 2016 5:46 PM

If it was my job I would disclose vulns if I see in my network surveillance that they are not NOBUS anymore and the risk for the economy (that produces the taxes I make a living from) is bigger than the risks of losing a binary weapon.

In the end it’s always game theory.

tyr May 24, 2016 8:37 PM

@Grauhut

Game theory is easy. Those who cooperate win out in the long run; those who do not are always defeated.

Drone May 24, 2016 9:21 PM

Hmmm… Isn’t Apple’s OS just BSD inside? This makes me wonder if there are underlying vulns in BSD we don’t know about. If there are, don’t expect Apple to say anything about it 🙁

ebil people May 24, 2016 10:13 PM

No, the moral of the story is: GCHQ doesn’t need these bugs, they have other “better” ones… AND… they have evidence that “ebil people” are using these in the wild, so they figure they can make themselves look good by letting a couple of their lower value trophies go…

r May 24, 2016 10:37 PM

@ebil,

They wouldn’t publish them if the exploit was known by a small group, they’d publish if it was about to go (to the) underground/public.

Showing their hand prior to a larger group having access to it would publicize their access to a possessing group…

If anyone has had those exploits for a considerable amount of time consider yourself bugged. 🙂

ebil people May 25, 2016 12:53 AM

@r so “the underground” isn’t a small group, it’s a huge group? I know it’s relative, but most people will think relative to the whole world population, not relative to just the population of worldwide criminals or something…

Grauhut May 25, 2016 3:31 AM

@Drone: “Isn’t Apple’s OS just BSD inside? This makes me wonder if there are underlying vulns in BSD we don’t know about.”

Apple OS = Apple Darwin Mach Kernel with partial BSD userland.
Memory corruption = Apple Darwin Mach kernel \= BSD Kernel.

Comrade Major May 25, 2016 4:13 AM

So, Apple finally completed its trojan program for Mac computers?

I understand all these notebooks now have a hardware trojan in the processor. So, GCHQ+NSA just don’t need “exploits” – they have a frontdoor.

de La Boetie May 25, 2016 4:31 AM

There’s been a spate of such announcements by GCHQ/CESG.

In my view it’s primarily propaganda, attempting to hide the fact that there is no public/assured vulnerability equities process (whether followed or not).

GCHQ has the classic problem as the NSA has, that organisationally they have an irreducible conflict of mission between attack and defence, and defence has come out a very poor second.

So, the natural response is to trumpet token initiatives to pretend that they are taking it seriously.

Ben May 25, 2016 3:28 PM

It’s an arms race – where they are competing not just against Apple, but also against the FSB and PLA (or whatever their cyber-cyber arms are called).

As long as they have sufficient in reserve, it’s in their interest to see the number reduced to make it harder for the competition. If they have a large lead, and good intelligence, they may even be able to shut other state parties out altogether.

And that’s without the publicity angle.

Jerry May 25, 2016 4:59 PM

@Ben

No, since the US/UK are a lot more reliant on hi-tech than China and Russia… the US/UK are FAR FAR FAR more vulnerable to ALL SECURITY issues! It would be in their best interest to FIX THEM ALL FOR GOOD instead of encouraging more bugs and trying to hoard knowledge about them…. They’re shooting themselves in the head, in this arms race!

Robert.Walter May 27, 2016 10:07 AM

This revelation betrays something about the relationship between GCHQ and the FBI (that the FBI ain’t getting the intel), or the FBI is sitting on info supplied by GCHQ.

Either way, bad for the security of citizens and for the business economy.
