Apple responds to iOS security concerns raised by Google

On the 28th of August, Google’s ‘Project Zero’, which finds and reports security vulnerabilities, issued a very detailed blog post entitled “A very deep dive into iOS Exploit chains found within the wild”. Apple has now responded with a pointed message.

After Google’s ‘Project Zero’ security report suggested that groups were making a “sustained effort to hack the users of iPhones in certain communities over at least two years”, Apple has struck back. Google noted that its “Threat Analysis Group”, or TAG team, had “discovered a small collection of hacked websites. The hacked sites were getting used in indiscriminate watering hole attacks against their users of iPhone 0-day”.

Google’s Ian Beer, of Project Zero, continued, stating: “There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of tourists per week”.

A week later, Apple issued a response entitled “A message about iOS security”.

Apple’s statement in full, below:  

First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones “en masse” as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community. Regardless of the scale of the attack, we take the safety and security of all users extremely seriously.

Google’s post, issued six months after iOS patches were released, creates the false impression of “mass exploitation” to “monitor the private activities of entire populations in real time,” stoking fear among all iPhone users that their devices had been compromised. This was never the case.

Second, all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not “two years” as Google implies. We fixed the vulnerabilities in question in February — working extremely quickly to resolve the issue just 10 days after we learned about it. When Google approached us, we were already in the process of fixing the exploited bugs.

Security is a never-ending journey and our customers can be confident we are working for them. iOS security is unmatched because we take end-to-end responsibility for the security of our hardware and software. Our product security teams around the world are constantly iterating to introduce new protections and patch vulnerabilities as soon as they’re found. We will never stop our tireless work to keep our users safe.

Apple has responded at last and explained that things were nowhere near as dire as Google suggested, even though Apple did admit that the website attacks were operational for roughly two months. Let us hope that Apple, Google, Microsoft and others have quadrupled their efforts to proactively find these vulnerabilities and remove them as quickly and as definitively as possible. 

These vulnerabilities are extremely serious and threaten the security and privacy of all users, especially when they are of the “zero-day” variety, where Apple, Google, Microsoft and others can’t protect their users’ privacy. On the other hand, Google’s Android is not immune to hackers by any means, nor are Microsoft or Facebook.

Read the full statement here.

With a Master’s in Computer Science, Casey is passionate about game development, game programming, and game testing for both computers and mobile. But it is not just about games for him. Apart from the gaming world, he also loves to play guitar and create one or two rhythms of his own. You can get in touch with him at casey_williams11@gmail.com
