Disclosing iOS Exploit, Apple Blames Google For Creating 'False Impression'

The iPhone maker Apple is one big company willing to do just about anything to defend its brand.

Previously, Google's Project Zero, the company's security team tasked with finding bugs and flaws, disclosed iOS vulnerabilities that allowed hackers to compromise iPhones when users visited certain websites. Apple appears unhappy with the way Google disclosed them to the public.

Responding to Google's report, Apple took the issue seriously and sought to "clarify" things in typical Cupertino fashion.

In its Newsroom post about iOS security, the company said:

"First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones 'en masse' as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community. Regardless of the scale of the attack, we take the safety and security of all users extremely seriously."

"Google’s post, issued six months after iOS patches were released, creates the false impression of 'mass exploitation' to 'monitor the private activities of entire populations in real time', stoking fear among all iPhone users that their devices had been compromised. This was never the case."

The iPhone maker continues by saying that:

"Second, all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not 'two years' as Google implies. We fixed the vulnerabilities in question in February — working extremely quickly to resolve the issue just 10 days after we learned about it. When Google approached us, we were already in the process of fixing the exploited bugs."

While Google stands firmly by its findings, Apple argues that Google was using that precious and brief moment to paint a false picture of its competitor's flagship product.

Apple acknowledged some of the details about the flaw, but it objects to how Google disclosed it to the public.

The bug is said to have been fixed since iOS version 12.1.4.

Google Project Zero found that a small collection of websites could be used to hack iPhones, using five different, previously undisclosed exploit chains.

The chains leveraged 14 different vulnerabilities that happened to be found on every version of iOS from 10 to 12.

At the time, Ian Beer of Project Zero said that the flaws had been around for at least two years. While there was no target discrimination, iPhone users visiting certain websites could fall victim to the exploit.

"We estimate that these sites receive thousands of visitors per week," he said.

Apple patched the vulnerability in iOS 12.1.4, which was released on 7 February 2019.

But in responding to Google, Apple, defending its brand and reputation, is downplaying Google's findings while also repeating its 'overused' marketing message that "iOS security is unmatched because we take end-to-end responsibility for the security of our hardware and software."

Google declined to comment on Apple's response, and also declined to say whether Android devices, which are popular in Asian markets, are just as vulnerable to the attack.

There have been reports that Windows and Android devices can also be affected by the same websites, but Google only offered a generic response that it "stands by its research and that it will continue to work with Apple and other leading companies to help keep people safe online."

Published: 09/09/2019