The FBI has confirmed that it informed Apple of a vulnerability in its iPhone software on April 14. It’s thought to be the first time the bureau has disclosed a flaw to Apple as part of the so-called Vulnerability Equities Process.
“The process… is meant to balance law enforcement and U.S. intelligence desires to hack into devices with the need to warn manufacturers so that they can patch holes before criminals and other hackers take advantage of them,” reports Reuters.
The vulnerability only affects older versions of the iPhone. The FBI also disclosed a flaw in OS X, but that is only found in older releases of El Capitan. If you’re using a modern device with the latest version of Apple’s software, then, you’re not at risk.
Apple says about 80 percent of iPhones in use today are safe, running versions of iOS 9 that do not contain the flaw. However, there will be no patch for the other 20 percent, so users either have to upgrade their software (if they can), or upgrade their device.
The Vulnerability Equities Process is under new scrutiny since the FBI confirmed it had been able to hack into an iPhone 5c used by San Bernardino shooter Syed Farook. Previous reports claimed the FBI did not have ownership of the hack, which was provided by a third-party.
However, just a day after that report was published, the FBI contacted Apple to provide details on the vulnerability it exploited to bypass the iPhone’s passcode lock.
“The move may have been an effort to show that it can and does use the White House process and disclose hacking methods when it can,” adds Reuters. However, the move “did nothing to change the company’s perception that the White House process is less effective than has been claimed, said an Apple executive who declined to be named.”[Reuters]