Apple Contradicts Google's Claims Regarding iOS Security Hole

Advertisement
Advertisement

Apple has now presented its side of the story regarding an iOS vulnerability Google detailed in a blog post last month. The iPhone maker has accused the search giant of causing panic amongst its customers by making false claims. The iOS security flaws were found by Google's Project Zero security analyst team.

When the blog post was published, the impression was that Apple was unaware of the problem. However, the Cupertino giant claims that never was the case.

Apple Says Scope Of The Attack Was Limited

In a press release, Apple has rubbished many of the claims made by Google. The company was apparently prompted by the concerns raised by its customers to tell its narrative. First off, the manufacturer says that the iOS security attack was narrowly focused and it wasn't as widespread as Google led people to believe.

Advertisement

To bring you up to speed, Google had said that a small collection of hacked websites were used to install monitoring implants on iPhones. The implant then gained access to virtually everything on the hacked devices, including the contents of private conversations, contacts, images, live locations, and credentials.

Any user visiting those websites was vulnerable. Although the names of those websites have not been revealed, Google said that they got thousands of visitors every week. Now, that's a significant amount of traffic.

However, Apple says that those websites had content that was of interest to the Uighur community. This is a Muslim community in the Xinjiang state of China. Apparently, this was a state-sponsored effort against the marginalized group.

Advertisement

Thus, Apple wants its users to believe that consumers in America, Europe, and elsewhere were not targeted. This sounds like lousy reasoning. If you follow news outlets closely, you might have seen a lot of coverage on Uighur. Based on that, it's entirely possible that people in other parts of the world visited those sites too. If it's any consolation, the company says it takes all attacks seriously, regardless of their scale.

iPhone Maker Still Says iOS Security Is Unmatched

Other than that, Apple says that the attacks lasted roughly two months, and not two years as Google had said. The company also says that when the search engine giant approached it in February, it was already working on fixing the bug.

Apple has always prided itself over iOS security and Google's blog post was a serious blow.

Advertisement

Per the Project Zero team, there were no less than fourteen vulnerabilities in iOS. On top of that, the company said that they could have easily been taken care of had the Cupertino giant done more rigorous testing. Apple says that security is always a work in progress and that iOS security is unmatched. The company says it works round the clock to keep users safe.

Google still stands by its claims. The company said that technical research was posted to help people better understand security vulnerabilities and create better defensive strategies.

But then, it's also clear that the discovery gave it a one-up over Apple.  Interestingly, some reports say that the same websites were also used to hack Android devices. If that's true, it's not known if Project Zero is aware of that.

Advertisement