Apple Barks Back In Official Statement After Google Bites Into iOS Security
A week ago, Google disclosed findings from its Project Zero Threat Analysis Group, which discovered 14 vulnerability in iOS that were used across five exploit chains. According to Google, the exploits were used over a period of more than two years in a "sustained effort to hack the users of iPhones" by monitoring their private data and location information in real-time.
It was later learned that the Chinese government was at least using some of these vulnerabilities to spy on Muslim minority groups in its Xinjiang territory. At the time, Apple didn't make any public statements about Project Zero's findings in part because it released an iOS security fix within two weeks of being notified by Google back in early February 2019.
Apple is responding today, however, and it is being very critical of Google's motives in a public statement. In fact, Apple questions a number of Google's findings, saying that this was a "sophisticated attack was narrowly focused, not a broad-based exploit of iPhones 'en masse' as described" by Google. Apple went on to verify the subsequent reporting that the attack was primarily limited to a dozen websites targeting Uighur Muslims.
The folks from Cupertino also disputed Google's contention that the exploits were active for a period of more than two years. According to Apple, they were active for a much shorter period of time. "All evidence indicates that these website attacks were only operational for a brief period, roughly two months, not ‘two years’ as Google implies," Apple wrote. "When Google approached us, we were already in the process of fixing the exploited bugs.”
Apple goes on to say that Google was in essence stoking fear, leading many to believe that there was a "mass exploitation" of iOS devices in real-time around the globe when in reality, the scope was much, much smaller.
Despite Apple scolding Google for its part in spreading a false narrative, the company is not shirking responsibility for keeping its users safe. The company explained, "Regardless of the scale of the attack, we take the safety and security of all users extremely seriously."