Communications and Electronics Security Group (CESG), the information security arm of GCHQ, was credited with the discovery of two vulnerabilities that were patched by Apple last week.
The flaws could allow hackers to corrupt memory and cause a denial of service through a crafted app or execute arbitrary code in a privileged context.
The memory handling vulnerabilities (CVE-2016-1822 and CVE-2016-1829) affect OS X El Capitan v10.11 and later operating systems, according to Apple's 2016-003 security update. The memory corruption vulnerabilities allowed hackers to execute arbitrary code with kernel privileges.
Yeah, they may have revealed two vulnerabilities, but I think they have 14 more.
I think this was the trade of 2 vulnerabilities, in return for some "good numbers" they can give to computer security/privacy advocates. They have some attractive numbers to give. I think this is a tactical maneuver to create hot numbers.
I think this is a tip of the iceberg. I wonder how many more they have?
If it was my job I would disclose vulns if I see in my network surveillance that they are not NOBUS anymore and the risk for the economy (that produces the taxes I make a living from) is bigger than the risks of losing a binary weapon.
No, the moral of the story is: GCHQ doesn't need these bugs, they have other "better" ones... AND... they have evidence that "ebil people" are using these in the wild, so they figure they can make themselves look good by letting a couple of their lower value trophies go...
@r so "the underground" isn't a small group, it's a huge group? I know it's relative, but most people will think relative to the whole world population, not relative to just the population of worldwide criminals or something...
It's an arms race - where they are competing not just against Apple, but also against the FSB and PLA (or whatever their cyber-cyber arms are called).
As long as they have sufficient in reserve, it's in their interest to see the number reduced to make it harder for the competition. If they have a large lead, and good intelligence, they may even be able to shut other state parties out altogether.
No, since the US/UK are a lot more reliant on hi-tech than China and Russia... the US/UK are FAR FAR FAR more vulnerable to ALL SECURITY issues! It would be in their best interest to FIX THEM ALL FOR GOOD instead of encouraging more bugs and trying to hoard knowledge about them.... They're shooting themselves in the head, in this arms race!