GCHQ Has Disclosed Over 20 Vulnerabilities This Year

Joseph Cox, reporting for Motherboard: Earlier this week, it emerged that a section of Government Communications Headquarters (GCHQ), the UK's signal intelligence agency, had disclosed a serious vulnerability in Firefox to Mozilla. Now, GCHQ has said it helped fix nearly two dozen individual vulnerabilities in the past few months, including in highly popular pieces of software like iOS. "So far in 2016 GCHQ/CESG has disclosed more than 20 vulnerabilities across a number of software products," a GCHQ spokesperson told Motherboard in an email. CESG, or the National Technical Authority for Information Assurance, is the information security wing of GCHQ. Those issues include a kernel vulnerability in OS X El Captain v10.11.4, the latest version, that would allow arbitrary code execution, and two in iOS 9.3, one of which would have done largely the same thing, and the other could have let an application launch a denial of service attack.

Refreshing

[Virtucon]

I actually find that a government agency letting software developers know of vulnerabilities is actually refreshing. Sure, they probably exploited those same vulnerabilities but at least we'll get them out in the open so they can be addressed.

Re:Refreshing

[gb]

So what's the bets that GCHQ is busy helping Apple close all the holes that the FBI is busy using to hack into iPhones....?

Re:Refreshing

[Virtucon]

Well we all know there's a market for selling vulnerabilities. I'm thinking the FBI bought one in the case of the San Berdoo iPhone. I'm also thinking the iPhone bad press on either side of the issue has something to do with Apple's bad quarter. The Encryption Wars have begun.

Re:Refreshing

[Actually,+I+do+RTFA]

About 0. GCHQ probably helps close vulnerabilities that intelligence services (other than US/Canada/UK/Australia/NZ) and criminals use.

Re:Refreshing

[lkcl]

About 0. GCHQ probably helps close vulnerabilities that intelligence services (other than US/Canada/UK/Australia/NZ) and criminals use.

oo - i wonder if one of the vulnerabilities *happens* to be one that's used in apple (myOS) smartphones.... saaay.... the one that, because they couldn't get it, was at the centre of constitutional violations by the U.S. Government and the FBI, recently? wouldn't _that_ be a coincidence, eh?

Re:Refreshing

[rtb61]

A sudden surge of closing security holes in the past few months. Feels like GCHQ is feeling the legal pressure from years of criminal negligence for failing the legal requirement to protect citizens from criminals whether foreign or domestic. The reality about keeping those holes secret is, you can only use them a vary limited number of times before they are exposed and then closed, the longer you keep them the more likely they are to be exploited by others and you have failed in your duty of care, other governments are likely to also have them so now MAD in truly pointless technical terms and rather than gain kudos for closing them you, you simply see them disappear when others find them and properly close them and the products they target simply age and are replaced with other unaffected products. The reality is you will rarely ever be able to use them. Anyhow they preferred hack is via targeted upgrades, secret warrants and the corruption of those companies providing the upgrades willing and unwilling (perversely enough it is more secure now, to anonymously buy a device and never ever upgrade it because once you use it, it is no longer anonymous and now they can target a specific upgrade at your uniquely identified device and crack your firmware for as long as they need to and then clean up the hack on the next upgrade).

So you need a firewall between you and the internet that only allows connections to specific addresses, that encrypts all data it sends and is never ever upgraded but replaced with a new anonymously purchased device. So for something like Windows anal probe 10, simply never allow access to an undesired IP address and the fire wall requires specific user permission to access any IP address for the first time and always seeks an encrypted communications when ever possible. Mobile communications for a device you want to be secure is definitely out, only via your hardware firewall, purchased anonymously and never ever upgraded by replaced with another anonymously purchased firewall.

Re:seems gchq get billions to do what white hats d

Meanwhile the NSA get billions of tax payer money to discover vulnerabilities then use them against citizens.
Leave it to the americans to be that stupid.

My only question:

So how many did they find not disclose?

Re:seems gchq get billions to do what white hats d

[Fragnet]

It's GCHQ's job not only to gather intelligence (SIGINT) but also to protect the UK from cyber spying. Given that most of this is coming from China, I'd be a little more circumspect if I were you.

Bravo

[dargaud]

THIS is what SECURITY agencies should be doing. Not weaponizing the Internet. Or spying with it, but SECURING it. They should identify weaknesses, report them, possibly fix them themselves if they can. They should have to power to coerce hard/software makers to fix them if the problems are important and the makers are not interested (outdated version, but still used by 20 million users...).

They should have the right to exploit a security hole for spying ONLY if it's in a foreign product and not used on national soil.

Easy for them!

[ffkom]

They probably just publish the list of obsolete backdoors they sneaked into the code base earlier. Meanwhile using later, unpublished exploits to spy on you and me.

Cute...

[alexandre]

So let me guess, when say, Russia, or China, is know to have discovered a vulnerability and using it in the wild, they burn the bridge by "being nice" publicly?

Re:Or...

[manu0601]

Mod parent up! This is probably the actual reason.

Re:seems gchq get billions to do what white hats d

[AmiMoJo]

Don't worry, I'm sure GCHQ keeps the best ones to itself, and always checks with the NSA to make sure they aren't releasing any that their parent company is using.