GCHQ Has Disclosed Over 20 Vulnerabilities This Year

Joseph Cox, reporting for Motherboard: Earlier this week, it emerged that a section of Government Communications Headquarters (GCHQ), the UK's signal intelligence agency, had disclosed a serious vulnerability in Firefox to Mozilla. Now, GCHQ has said it helped fix nearly two dozen individual vulnerabilities in the past few months, including in highly popular pieces of software like iOS. "So far in 2016 GCHQ/CESG has disclosed more than 20 vulnerabilities across a number of software products," a GCHQ spokesperson told Motherboard in an email. CESG, or the National Technical Authority for Information Assurance, is the information security wing of GCHQ. Those issues include a kernel vulnerability in OS X El Captain v10.11.4, the latest version, that would allow arbitrary code execution, and two in iOS 9.3, one of which would have done largely the same thing, and the other could have let an application launch a denial of service attack.

And loves every one of them

enough to set them free!

seems gchq get billions to do what white hats do

[sittingnut]

gchq is doing, at a cost of billions for taxpayers, what many security researchers are doing for free.
leave it for british to be that stupid.

Have the Firefox devs patched Australis yet?

Have the Firefox devs fixed Australis yet? As I understand it, Australis is the name of the bug that has resulted in Firefox's UI becoming unusable. It is trendy for bugs to have their own names these days, like Shellshock and Heartbleed. In any case, this Australis bug has ruined Firefox for me, which is why I'm using Vivaldi these days. I'd try this Pale Moon browser that people have been talking about, but it doesn't support OS X as far as I can tell, so it is useless to me.

Re:Have the Firefox devs patched Australis yet?

[I4ko]

Unfortunately Vivaldi hasn't fixed Chromium yet. Opera worked properly up to version 12 with modest memory and CPU needs and after that it was broken by Chromium introducing memory overuse and CPU overuse. On a more serious note, the side panel in Vivaldi is grossly annoying, and I haven't yet found a way to convert it into a tab (so I can manage my downloads and see full info about them, also not interfere with every page). I'll have to look if it is at all possible to do that by writing an extension.

Refreshing

[Virtucon]

I actually find that a government agency letting software developers know of vulnerabilities is actually refreshing. Sure, they probably exploited those same vulnerabilities but at least we'll get them out in the open so they can be addressed.

Re:Refreshing

[gb]

So what's the bets that GCHQ is busy helping Apple close all the holes that the FBI is busy using to hack into iPhones....?

Re:Refreshing

[Virtucon]

Well we all know there's a market for selling vulnerabilities. I'm thinking the FBI bought one in the case of the San Berdoo iPhone. I'm also thinking the iPhone bad press on either side of the issue has something to do with Apple's bad quarter. The Encryption Wars have begun.

Re:Refreshing

[Actually,+I+do+RTFA]

About 0. GCHQ probably helps close vulnerabilities that intelligence services (other than US/Canada/UK/Australia/NZ) and criminals use.

Re:Refreshing

[lkcl]

About 0. GCHQ probably helps close vulnerabilities that intelligence services (other than US/Canada/UK/Australia/NZ) and criminals use.

oo - i wonder if one of the vulnerabilities *happens* to be one that's used in apple (myOS) smartphones.... saaay.... the one that, because they couldn't get it, was at the centre of constitutional violations by the U.S. Government and the FBI, recently? wouldn't _that_ be a coincidence, eh?

Re:Refreshing

[rtb61]

A sudden surge of closing security holes in the past few months. Feels like GCHQ is feeling the legal pressure from years of criminal negligence for failing the legal requirement to protect citizens from criminals whether foreign or domestic. The reality about keeping those holes secret is, you can only use them a vary limited number of times before they are exposed and then closed, the longer you keep them the more likely they are to be exploited by others and you have failed in your duty of care, other governments are likely to also have them so now MAD in truly pointless technical terms and rather than gain kudos for closing them you, you simply see them disappear when others find them and properly close them and the products they target simply age and are replaced with other unaffected products. The reality is you will rarely ever be able to use them. Anyhow they preferred hack is via targeted upgrades, secret warrants and the corruption of those companies providing the upgrades willing and unwilling (perversely enough it is more secure now, to anonymously buy a device and never ever upgrade it because once you use it, it is no longer anonymous and now they can target a specific upgrade at your uniquely identified device and crack your firmware for as long as they need to and then clean up the hack on the next upgrade).

So you need a firewall between you and the internet that only allows connections to specific addresses, that encrypts all data it sends and is never ever upgraded but replaced with a new anonymously purchased device. So for something like Windows anal probe 10, simply never allow access to an undesired IP address and the fire wall requires specific user permission to access any IP address for the first time and always seeks an encrypted communications when ever possible. Mobile communications for a device you want to be secure is definitely out, only via your hardware firewall, purchased anonymously and never ever upgraded by replaced with another anonymously purchased firewall.

Re:seems gchq get billions to do what white hats d

Meanwhile the NSA get billions of tax payer money to discover vulnerabilities then use them against citizens.
Leave it to the americans to be that stupid.

Re:seems gchq get billions to do what white hats d

Those security researchers are idiots if they are finding bugs for free.

Perspective

"GCHQ Has Disclosed Over 20 Vulnerabilities This Year"

How many have they kept for their own use?

My only question:

So how many did they find not disclose?

Re:My only question:

I would assume that the vulnerabilities they choose to disclose are those that they know have already been or are likely to be discovered by criminals/nationstates.

Re:seems gchq get billions to do what white hats d

gchq is doing, at a cost of billions for taxpayers, what many security researchers are doing for free.
leave it for british to be that stupid.

It's a by product of what they do. You do realize they have other things to do? In short, are you a troll, or, shall we say, a bit slow? Or both of course.

Or...

Or maybe they are disclosing vulnerabilities that they discover foreign intelligence services are using.

Re:Or...

[manu0601]

Mod parent up! This is probably the actual reason.

Re:seems gchq get billions to do what white hats d

And if they didn't reveal anything we'd be pecking away at their rotten corpse for hording an undisclosed amount of exploits.

Victory is impossible.

Re:seems gchq get billions to do what white hats d

Democracy in Britain is mostly a sham. Oligarchy's would be a better description of what's actually happening. Security organizations like the GHCQ (and NSA) don't exist to protect the British public. They exist to protect the interests of the establishment. This is precisely why Cameron argues we need the GCHQ to gather Yahoo naked web cam images for "security" but then is morally outraged when someone else discloses his offshore tax haven fiances!

Mass surveillance gives the establishment the power of selective disclosures. What better way to assassinate a political opponent than by discrediting them though intelligence derived character assignation? I'm sure the GCHQ could have figured out Cameron inappropriately uses tax shelters but wasn't remotely interested in defending the average British taxpayer from that.

Re:seems gchq get billions to do what white hats d

Bug bounties, steady government pay for university researchers, systematic search for exploits for intelligence work, training and internship for students, private "security" companies, reputation from the community for future employment, feel good factor for helping the humanity. No, nobody is doing it for free.

Re:seems gchq get billions to do what white hats d

[Fragnet]

It's GCHQ's job not only to gather intelligence (SIGINT) but also to protect the UK from cyber spying. Given that most of this is coming from China, I'd be a little more circumspect if I were you.

Re:seems gchq get billions to do what white hats d

mod parent up

Bravo

[dargaud]

THIS is what SECURITY agencies should be doing. Not weaponizing the Internet. Or spying with it, but SECURING it. They should identify weaknesses, report them, possibly fix them themselves if they can. They should have to power to coerce hard/software makers to fix them if the problems are important and the makers are not interested (outdated version, but still used by 20 million users...).

They should have the right to exploit a security hole for spying ONLY if it's in a foreign product and not used on national soil.

Easy for them!

[ffkom]

They probably just publish the list of obsolete backdoors they sneaked into the code base earlier. Meanwhile using later, unpublished exploits to spy on you and me.

Cute...

[alexandre]

So let me guess, when say, Russia, or China, is know to have discovered a vulnerability and using it in the wild, they burn the bridge by "being nice" publicly?

Re:seems gchq get billions to do what white hats d

nah no offense taken as we know American ARE that stupid to begin with.

Re:seems gchq get billions to do what white hats d

[AmiMoJo]

Don't worry, I'm sure GCHQ keeps the best ones to itself, and always checks with the NSA to make sure they aren't releasing any that their parent company is using.