GCHQ Has Disclosed Over 20 Vulnerabilities This Year (vice.com) 29
Joseph Cox, reporting for Motherboard: Earlier this week, it emerged that a section of Government Communications Headquarters (GCHQ), the UK's signal intelligence agency, had disclosed a serious vulnerability in Firefox to Mozilla. Now, GCHQ has said it helped fix nearly two dozen individual vulnerabilities in the past few months, including in highly popular pieces of software like iOS. "So far in 2016 GCHQ/CESG has disclosed more than 20 vulnerabilities across a number of software products," a GCHQ spokesperson told Motherboard in an email. CESG, or the National Technical Authority for Information Assurance, is the information security wing of GCHQ. Those issues include a kernel vulnerability in OS X El Captain v10.11.4, the latest version, that would allow arbitrary code execution, and two in iOS 9.3, one of which would have done largely the same thing, and the other could have let an application launch a denial of service attack.
My only question: (Score:1)
So how many did they find not disclose?
seems gchq get billions to do what white hats do (Score:1, Flamebait)
gchq is doing, at a cost of billions for taxpayers, what many security researchers are doing for free.
leave it for british to be that stupid.
Re: (Score:3, Insightful)
Meanwhile the NSA get billions of tax payer money to discover vulnerabilities then use them against citizens.
Leave it to the americans to be that stupid.
Re: (Score:2)
Don't worry, I'm sure GCHQ keeps the best ones to itself, and always checks with the NSA to make sure they aren't releasing any that their parent company is using.
Re: (Score:2)
Re: (Score:3)
Refreshing (Score:2)
I actually find that a government agency letting software developers know of vulnerabilities is actually refreshing. Sure, they probably exploited those same vulnerabilities but at least we'll get them out in the open so they can be addressed.
Re: (Score:2)
So what's the bets that GCHQ is busy helping Apple close all the holes that the FBI is busy using to hack into iPhones....?
Re: (Score:2)
Well we all know there's a market for selling vulnerabilities. I'm thinking the FBI bought one in the case of the San Berdoo iPhone. I'm also thinking the iPhone bad press on either side of the issue has something to do with Apple's bad quarter. The Encryption Wars have begun.
Re: (Score:3)
About 0. GCHQ probably helps close vulnerabilities that intelligence services (other than US/Canada/UK/Australia/NZ) and criminals use.
Re: (Score:2)
About 0. GCHQ probably helps close vulnerabilities that intelligence services (other than US/Canada/UK/Australia/NZ) and criminals use.
oo - i wonder if one of the vulnerabilities *happens* to be one that's used in apple (myOS) smartphones.... saaay.... the one that, because they couldn't get it, was at the centre of constitutional violations by the U.S. Government and the FBI, recently? wouldn't _that_ be a coincidence, eh?
Re: (Score:2)
A sudden surge of closing security holes in the past few months. Feels like GCHQ is feeling the legal pressure from years of criminal negligence for failing the legal requirement to protect citizens from criminals whether foreign or domestic. The reality about keeping those holes secret is, you can only use them a vary limited number of times before they are exposed and then closed, the longer you keep them the more likely they are to be exploited by others and you have failed in your duty of care, other g
Bravo (Score:2)
They should have the right to exploit a security hole for spying ONLY if it's in a foreign product and not used on na
Easy for them! (Score:2)
Cute... (Score:2)
So let me guess, when say, Russia, or China, is know to have discovered a vulnerability and using it in the wild, they burn the bridge by "being nice" publicly?