In Brief: The Federal Bureau of Investigation (FBI) made its first disclosure about a software security flaw to Apple under the Vulnerability Equities Process (VEP), a White House initiative created in April 2014 for reviewing flaws and deciding which ones should be made public.
Unfortunately, the vulnerability reported by the federal agency only affected older versions of Apple's iOS and OS X operating systems and was patched nine months ago, with the release of iOS 9 for iPhones and Mac OS X El Capitan, according to Apple.
The FBI informed Apple of a vulnerability in its iPhone and Mac software on April 14, but it's not the one used to unlock an iPhone of one of the San Bernardino shooters, Reuters reported.
But why didn't the FBI disclose the hack used to get data off the San Bernardino iPhone?
Well, the answer from the FBI is not very complicated.
According to the FBI Director James Comey, the FBI is still assessing whether the hack used to unlock Farook's iPhone would go through a White House panel review to decide if it should be disclosed to Apple.
The bureau is reportedly arguing that since the tool remains the third party's intellectual property and the FBI never learned details about the workings of the tool, it does not make sense to disclose the vulnerability.
"The people we bought this from, I know a fair amount about them, and I have a high degree of confidence that they are very good at protecting it, and their motivations align with ours," Comey said earlier this month.
Comey has previously implied that the tool cost the FBI more than $1 million as a one-time fee to hack into Farook's iPhone and that the tool only works on a "narrow slice" of iPhone 5C devices running iOS 9.
So, by disclosing an already patched vulnerability in Apple's product, the FBI might be pretending to care about the user's security in front of Apple after declining to reveal details about the hack used to break the San Bernardino iPhone.
But it won't change anything, as an unnamed Apple executive told Reuters that the move "did nothing to change the company's perception that the White House process is less effective than has been claimed."