GCHQ Has Disclosed Over 20 Vulnerabilities This Year, Including Ones in iOS

But the agency wouldn't say whether it had exploited the vulnerabilities first.

|
Apr 29 2016, 4:29pm

GCHQ spying center in the southwest of the UK. Image: Reading Tom/Flickr

Earlier this week, it emerged that a section of Government Communications Headquarters (GCHQ), the UK's signal intelligence agency, had disclosed a serious vulnerability in Firefox to Mozilla. Now, GCHQ has said it helped fix nearly two dozen individual vulnerabilities in the past few months, including in highly popular pieces of software like iOS.

"So far in 2016 GCHQ/CESG has disclosed more than 20 vulnerabilities across a number of software products," a GCHQ spokesperson told Motherboard in an email. CESG, or the National Technical Authority for Information Assurance, is the information security wing of GCHQ.

Those issues include a kernel vulnerability in OS X El Captain v10.11.4, the latest version, that would allow arbitrary code execution, and two in iOS 9.3, one of which would have done largely the same thing, and the other could have let an application launch a denial of service attack.

The spokesperson also pointed to two vulnerabilities in Squid, a caching proxy which can improve web response times. Recently, GCHQ intervened in the rollout of smart gas and electricity metres, which were planned to use a signal encryption key.

"We are not always credited by vendors for bugs that we disclose. We ask companies for credit in bulletins that they may publish, but recognise that this is not always possible," a GCHQ spokesperson said.

In a speech last year, the Director of GCHQ Robert Hannigan said: "GCHQ has disclosed vulnerabilities in every major mobile and desktop platform, including the big names that underpin British business."

However, governments sometimes withhold details of vulnerabilities from affected companies because the security holes can be used for hacking operations instead. Motherboard's question of whether the recent selection of vulnerabilities were only disclosed after they had already been exploited by the offensive arm of GCHQ went unanswered.