Following the WSJ’s earlier report claiming the FBI won’t disclose to Apple the security flaw it used to crack the San Bernardino shooter’s iPhone, Reuters says the FBI informed the company about a vulnerability in iOS and OS X on April 14.
The disclosure resulted from the Vulnerability Equities Process and involved older versions of the aforementioned operating systems. There is a little “problem”, though: Apple had already been aware of that flaw and had fixed it nine months previously with the release of iOS 9 and OS X El Capitan.
The FBI’s gesture of contacting Apple to attract the company’s attention to security flaws found in its software can be considered “nice”, but in reality it does nothing but show how ineffective the Vulnerability Equities Process is.
You may recall that Reuters had speculated earlier that the FBI has no rights over the security flaw used to create the tool that cracked the security of Syed Farook’s iPhone 5c. As it turns out, their source was correct: The FBI said on Wednesday that it does not own the rights to the technical method used to open the iPhone used by the San Bernardino shooter.
As such, despite having knowledge of a specific security flaw, in this case exploited by the government, it cannot disclose the details to an interagency review process, which is the Vulnerability Equities Process.