Last week, Google’s elite bug search team “Project Zero” announced the details of the vulnerabilities in iOS on its own blog, describing the hack as “One of the biggest attacks on iPhone users of all time”.
After Google explained its work on the iPhone hack last week and extensively examined the individual exploits, Apple made a statement on the matter yesterday evening. prehistory: Google's Project Zero team explained in its report that victims were tricked into opening a link that took them to an infected website. On this website, the malware was inserted into the affected devices in the form of a digital implant. This focused on stealing various data and uploading live locations. Even the iCloud keychain was no longer secure on compromised devices. In addition to various iPhone models, Android and Windows devices were also affected.
Gives the false impression of “mass exploitation”
Now Apple has responded to Google's findings in its statement and at the same time defended the security of iOS. In the statement, Cupertino accuses Google's research team of creating the false impression of "mass exploitation“ The statement states:
"First, the sophisticated attack was narrowly focused and not a widespread use of iPhones en masse as described. The attack affected fewer than a dozen websites focused on content related to the Uighur community. Regardless of the scale of the attack, we take the security of all users very seriously."
Last weekend, TechCrunch and Forbes published more Details about the hack According to the report, it was a targeted attack on the Uighur community, initiated by the Chinese government.
"Google's post, published six months after the release of iOS patches, creates the false impression of 'mass exploitation' to 'monitor the private activities of the entire population in real time' and creates fear among all iPhone users that their devices have been compromised. This was never the case" – Apple continues.
But the most important point is the time period. Google wrote in its blog that the attacks were carried out over two years - Apple contradicts this. The statement says:
"Second, all evidence suggests that these website attacks were carried out for only a short period of time, approximately two months, and not 'two years' as Google suggests. We fixed the vulnerabilities in question in February and worked extremely quickly to resolve the issue just ten days after we learned about them. By the time Google approached us, we were already in the process of fixing the exploited bugs."
In conclusion, Apple writes that security is “an endless journey” and promises to continue it – the company also stressed that iOS security is unmatched. You can read the entire statement in English here read it. (Photo by Your_photo / Bigstockphoto)
