Last week, Google’s Project Zero security research team detailed what it described as “one of the largest attacks against iPhone users ever.” Now, Apple has responded to Google’s findings – taking issue with many of the claims.
Google’s findings last week detailed a series of hacked websites, which were randomly distributing malware to iPhone users. Once a user visited one of the malicious websites and the malware was deployed, the implant “primarily focused on stealing files and uploading live location data,” as often as every 60 seconds.
In a new statement, Apple accuses Google’s blog post of “creating the false impression of mass exploitation,” despite the fact that “this was never the case.” Apple says the flaws detailed by Google were never “broad-based” and instead affected fewer than a dozen websites focused on content targeting to the Uighur community. This was first reported by TechCrunch last weekend.
Furthermore, Apple says that the website attacks were only operational “for a brief period,” whereas Google claimed they ran for “two years.” Apple also reiterated that the vulnerability was patched in iOS 12.1.4.
Google’s post, issued six months after iOS patches were released, creates the false impression of “mass exploitation” to “monitor the private activities of entire populations in real time,” stoking fear among all iPhone users that their devices had been compromised. This was never the case.
Ultimately, Apple says that “security is a never-ending journey” and that iOS security is “unmatched.” The company also says that it takes full responsibility for end-to-end encryption on all of its devices and in its software:
Read the full statement here.
