What you need to know
- Apple released a statement addressing Google's blog about iOS exploits.
- In the message, it reaffirmed customers that it keeps their security as a high priority.
- It also dispelled some false information that came of Google's blog.
Concerns about iOS security have been swirling since Google published a blog that outlined some vulnerabilities it discovered within iOS. Apple fixed these back in February, but that didn't stop the concerns. To reaffirm customers, Apple released a special message outlining exactly what took place with the vulnerabilities while dispelling false information regarding the situation.
In a brief summary of Google's blog, it found malicioius websites were accessing user's phones and stealing privata data like messages, location, photos and more.
Apple's response to it was short but to the point. Its first goal was to curb speculation about how wide this vulnerability really was. In reality, it affected less than a dozen websites.
First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones "en masse" as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community. Regardless of the scale of the attack, we take the safety and security of all users extremely seriously.Google's post, issued six months after iOS patches were released, creates the false impression of "mass exploitation" to "monitor the private activities of entire populations in real time," stoking fear among all iPhone users that their devices had been compromised. This was never the case.
It then went on to correct some false statements made about the website attacks including how long it lasted.
Second, all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not "two years" as Google implies. We fixed the vulnerabilities in question in February — working extremely quickly to resolve the issue just 10 days after we learned about it. When Google approached us, we were already in the process of fixing the exploited bugs.
Apple finished the message with a strong statement on security: "Security is a never-ending journey and our customers can be confident we are working for them." It concluded: "We will never stop our tireless work to keep our users safe."
As is the case with most issues regarding Apple, they tend to be overblown. This was no different. You can read the complete statement on Apple's site.
Google responded to the Apple's message in a statement to CNBC saying it stands by its in-depth research and its end goal was to understand security vulnerabilities.
Google statement on Apple response to Project Zero report pic.twitter.com/OmfYEuGjIrGoogle statement on Apple response to Project Zero report pic.twitter.com/OmfYEuGjIr— kif (@kifleswing) September 6, 2019September 6, 2019
With neither Apple nor Google backing down, the situation has turned into a he said, she said situation.
Updated 12:16 pm PT: The post was updated to include Google's response to Apple.
