Apple Releases Statement Disputing Some of the Details of Google Project Zero Report on iOS Security Vulnerabilities


Researchers from Google’s Project Zero security initiative on Thursday announced their discovery of a “small collection” of hacked websites that for many years have hosted exploits targeting iOS devices.

Google reported there were a total of 14 vulnerabilities being exploited. While all of those have been fixed by Apple, some of the security flaws were exploited for several years.

Apple on Friday responded to the Google blog post in an effort to “make sure all of our customers have the facts.”

Apple says the attack was “narrowly-focused” rather than a broad-based exploit of iPhones as Google described. The company says fewer than a dozen sites that targeted the Uighur Muslim community were affected. Furthermore, Apple says Google created a “false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real time’.”

Apple also says Google got the length of the attacks wrong: the websites were operational for approximately two months, not the two years Google claimed. The Cupertino firm says the vulnerabilities were fixed 10 days after Apple learned about them, and that fixes were already in the works when Google informed Apple.

Apple’s full letter reads as follows:

Last week, Google published a blog about vulnerabilities that Apple fixed for iOS users in February. We’ve heard from customers who were concerned by some of the claims, and we want to make sure all of our customers have the facts.

First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones “en masse” as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community. Regardless of the scale of the attack, we take the safety and security of all users extremely seriously.

Google’s post, issued six months after iOS patches were released, creates the false impression of “mass exploitation” to “monitor the private activities of entire populations in real time,” stoking fear among all iPhone users that their devices had been compromised. This was never the case.

Second, all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not “two years” as Google implies. We fixed the vulnerabilities in question in February — working extremely quickly to resolve the issue just 10 days after we learned about it. When Google approached us, we were already in the process of fixing the exploited bugs.

Security is a never-ending journey and our customers can be confident we are working for them. iOS security is unmatched because we take end-to-end responsibility for the security of our hardware and software. Our product security teams around the world are constantly iterating to introduce new protections and patch vulnerabilities as soon as they’re found. We will never stop our tireless work to keep our users safe.

In a statement to The Verge, Google says it stands by its original claims, despite Apple’s statement.

Project Zero posts technical research that is designed to advance the understanding of security vulnerabilities, which leads to better defensive strategies. We stand by our in-depth research which was written to focus on the technical aspects of these vulnerabilities. We will continue to work with Apple and other leading companies to help keep people safe online.
