Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Firefox Mozilla Privacy Apple

GCHQ Has Disclosed Over 20 Vulnerabilities This Year (vice.com) 29

Joseph Cox, reporting for Motherboard: Earlier this week, it emerged that a section of Government Communications Headquarters (GCHQ), the UK's signal intelligence agency, had disclosed a serious vulnerability in Firefox to Mozilla. Now, GCHQ has said it helped fix nearly two dozen individual vulnerabilities in the past few months, including in highly popular pieces of software like iOS. "So far in 2016 GCHQ/CESG has disclosed more than 20 vulnerabilities across a number of software products," a GCHQ spokesperson told Motherboard in an email. CESG, or the National Technical Authority for Information Assurance, is the information security wing of GCHQ. Those issues include a kernel vulnerability in OS X El Captain v10.11.4, the latest version, that would allow arbitrary code execution, and two in iOS 9.3, one of which would have done largely the same thing, and the other could have let an application launch a denial of service attack.
This discussion has been archived. No new comments can be posted.

GCHQ Has Disclosed Over 20 Vulnerabilities This Year

Comments Filter:
  • gchq is doing, at a cost of billions for taxpayers, what many security researchers are doing for free.
    leave it for british to be that stupid.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Meanwhile the NSA get billions of tax payer money to discover vulnerabilities then use them against citizens.
      Leave it to the americans to be that stupid.

      • by AmiMoJo ( 196126 )

        Don't worry, I'm sure GCHQ keeps the best ones to itself, and always checks with the NSA to make sure they aren't releasing any that their parent company is using.

    • It's GCHQ's job not only to gather intelligence (SIGINT) but also to protect the UK from cyber spying. Given that most of this is coming from China, I'd be a little more circumspect if I were you.
  • I actually find that a government agency letting software developers know of vulnerabilities is actually refreshing. Sure, they probably exploited those same vulnerabilities but at least we'll get them out in the open so they can be addressed.

    • by gb ( 8474 )

      So what's the bets that GCHQ is busy helping Apple close all the holes that the FBI is busy using to hack into iPhones....?

      • Well we all know there's a market for selling vulnerabilities. I'm thinking the FBI bought one in the case of the San Berdoo iPhone. I'm also thinking the iPhone bad press on either side of the issue has something to do with Apple's bad quarter. The Encryption Wars have begun.

      • About 0. GCHQ probably helps close vulnerabilities that intelligence services (other than US/Canada/UK/Australia/NZ) and criminals use.

        • by lkcl ( 517947 )

          About 0. GCHQ probably helps close vulnerabilities that intelligence services (other than US/Canada/UK/Australia/NZ) and criminals use.

          oo - i wonder if one of the vulnerabilities *happens* to be one that's used in apple (myOS) smartphones.... saaay.... the one that, because they couldn't get it, was at the centre of constitutional violations by the U.S. Government and the FBI, recently? wouldn't _that_ be a coincidence, eh?

      • by rtb61 ( 674572 )

        A sudden surge of closing security holes in the past few months. Feels like GCHQ is feeling the legal pressure from years of criminal negligence for failing the legal requirement to protect citizens from criminals whether foreign or domestic. The reality about keeping those holes secret is, you can only use them a vary limited number of times before they are exposed and then closed, the longer you keep them the more likely they are to be exploited by others and you have failed in your duty of care, other g

  • THIS is what SECURITY agencies should be doing. Not weaponizing the Internet. Or spying with it, but SECURING it. They should identify weaknesses, report them, possibly fix them themselves if they can. They should have to power to coerce hard/software makers to fix them if the problems are important and the makers are not interested (outdated version, but still used by 20 million users...).

    They should have the right to exploit a security hole for spying ONLY if it's in a foreign product and not used on na

  • They probably just publish the list of obsolete backdoors they sneaked into the code base earlier. Meanwhile using later, unpublished exploits to spy on you and me.
  • So let me guess, when say, Russia, or China, is know to have discovered a vulnerability and using it in the wild, they burn the bridge by "being nice" publicly?

Keep up the good work! But please don't ask me to help.

Working...