iTnews

British govt hackers report vulnerabilities to Apple

By Juha Saarinen on May 25, 2016 6:50AM
British govt hackers report vulnerabilities to Apple

Were they no longer needed by GCHQ?

Britain's main spy agency has reported two serious operating system vulnerabilites to Apple, as concerns over government stockpiling of zero-day exploits continue.

The Communications Electronics Security Group that reported the flaws is the information assurance arm of the United Kingdom's main signals intelligence agency, the Government Communications Headquarters.

One flaw, with a high common vulnerability scoring system (CVSS) 3.0 rating of 7.8, can be used to cause memory corruption in the IOFireWireFamily kernel extension, used to handle FireWire connectors.

This allows attackers to execute arbitrary code with full operating system kernel privileges, or cause a denial of service via a specially crafted app. It affects OS X versions 10.11.4 and earlier.

Exploits for the IOFireWireFamily are trading for US$2000 to US$5000 (A$2785 to A$6965). Apple patched the flaw in the recent OS X 10.11.5 update.

A second flaw reported by CESG, along with researcher Brandon Azad, affects the operating system kernels in Apple OS X 10.11.4, iOS 9.3.1, tvOS 9.2.0 and watchOS 2.2.0 and earlier. The vulnerability allows attackers to run any code they want at full system privileges.

It is not known if CESG reported the vulnerabilities because they are no longer of use to the agency. Government intelligence agencies around the world are currently balancing the two opposing tasks of protecting computer users from exploitable vulnerabilites, and the possiblity of using these to collect important information for national security purposes.

The GCHQ information assurance arm has featured prominently in US National Security Agency contractor Edward Snowden's leaked top secret documents. Among its work is the reverse engineering of commercial antivirus software to create opportunities for computer network exploitation attacks.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
applecesggchqos xsecurity

Partner Content

Don't miss Australia’s premiere IoT Conference on 9th June
Promoted Content Don't miss Australia’s premiere IoT Conference on 9th June
"We're seeing some good policy put in place, but that's the exception"
Partner Content "We're seeing some good policy put in place, but that's the exception"
Avoiding CAPEX by making on-premise IT more cloud-like
Promoted Content Avoiding CAPEX by making on-premise IT more cloud-like
Security "mindset shift" needed to protect organisations
Promoted Content Security "mindset shift" needed to protect organisations

Sponsored Whitepapers

Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership
Don’t pay the ransom: A three-step guide to ransomware protection
Don’t pay the ransom: A three-step guide to ransomware protection

Events

  • iTnews Benchmark Awards 2022 - Finalist Showcase
  • IoT Impact Conference
  • Cyber Security for Government Summit
By Juha Saarinen
May 25 2016
6:50AM
0 Comments

Related Articles

  • Apple patches actively exploited macOS Big Sur bug
  • Apple's "Find My" feature created attack vector, researchers say
  • Emergency patches out for exploited Apple zero-days
  • Researchers devise stealthy phone tracking without fake base stations
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

NBN Co sizes up six-figure customer exodus a year to fixed wireless

NBN Co sizes up six-figure customer exodus a year to fixed wireless

NBN Co to cut 160 applications under $200m IT simplification

NBN Co to cut 160 applications under $200m IT simplification

What to expect from the incoming Labor government

What to expect from the incoming Labor government

NBN Co's 250Mbps and gigabit growth is finally clear

NBN Co's 250Mbps and gigabit growth is finally clear

Digital Nation

Why do DeFi and DAOs matter to business?
Why do DeFi and DAOs matter to business?
COVER STORY: A Year in the Metaverse
COVER STORY: A Year in the Metaverse
CTO Juergen Mueller offers a glimpse into SAP's metaverse play
CTO Juergen Mueller offers a glimpse into SAP's metaverse play
Lendlease launches its own metaverse in Milan
Lendlease launches its own metaverse in Milan
COVER STORY: Data and IoT set digital agriculture on a sustainable future
COVER STORY: Data and IoT set digital agriculture on a sustainable future
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.