Late Thursday, Google security researchers dropped a bombshell: Someone had launched a sustained attack against iPhone users that compromised their devices almost instantly when they visited certain websites. The campaign forced a fundamental shift in how security professionals think about iOS. And now, after a week of silence, Apple has finally given its side of the story.
In a brief statement, Apple confirmed that the attacks had targeted China's oppressed Uyghur Muslim community, as had previously been reported. But the statement also called out multiple points of contention with how Google characterized the attack.
"First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones 'en masse' as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community," the statement reads. "Google’s post, issued six months after iOS patches were released, creates the false impression of 'mass exploitation' to 'monitor the private activities of entire populations in real time,' stoking fear among all iPhone users that their devices had been compromised. This was never the case."
The company also disputed aspects of Google's timeline, saying that the malicious sites were operational for two months, rather than the roughly two years Google had estimated. Apple's statement also says that it had already discovered the vulnerabilities a few days before Google brought them to Apple's attention. "We were already in the process of fixing the exploited bugs," Apple says. The eventual patch went out on February 7 as part of the iOS 12.1.4 update.
..Support the originator by clicking the read the rest link below.
