Menu
Apple issues statement in response to Google security vulnerabilities report

Apple issues statement in response to Google security vulnerabilities report

Google’s report created a false impression among users that their devices were compromised, Apple says

Credit: Dreamstime

Last week, Google’s Project Zero security research team posted information about a serious vulnerability in iOS.

The security exploit (or group of exploits, really) allowed a “small collection of hacked websites” that would, when visited, install code to monitor certain activity on the iPhone.

The security holes were patch in iOS 12.1.4 on February 7, 2019, and there were even news reports right after the patch about the security holes that were closed. The sites that exploited the vulnerabilities were targeting an ethnic minority in China—the Uighur—and also sought to exploit holes in Android and Windows.

Apple has taken umbrage with the recent report, calling it out not for its technical inaccuracy, but for misrepresenting the scope and scale of the security flaw and the way it was exploited.

In a statement issued on September 6, the company said, “We’ve heard from customers who were concerned by some of the claims, and we want to make sure all of our customers have the facts.”

Apple goes on to detail two ways in which it feels the report was misleading. First, the report says it will, “share these insights into the real-world workings of a campaign exploiting iPhones en masse.”

Apple says the attacks were anything but “en masse” and only represented a few dozen websites targeting the Uighur minority community in China. Apple says this misrepresentation caused the hundreds of millions of iPhone users around the world to feel that they were compromised, when that was never true.

“Regardless of the scale of the attack, we take the safety and security of all users extremely seriously,” Apple concluded.

Second, the websites were operational for only about two months, while the report gives the impression that iPhones were being hacked for two years. While the vulnerability may have been present in iOS for two years, it was only found and exploited among this narrow community for a short period.

Apple claims that it fixed the exploits within 10 days of learning about them, and that, “When Google approached us, we were already in the process of fixing the exploited bugs.”

The short statement concludes by reassuring users that Apple takes security extremely seriously:

Security is a never-ending journey and our customers can be confident we are working for them. iOS security is unmatched because we take end-to-end responsibility for the security of our hardware and software. Our product security teams around the world are constantly iterating to introduce new protections and patch vulnerabilities as soon as they’re found. We will never stop our tireless work to keep our users safe.

Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags GoogleApplesecurity

Featured

Slideshows

Malwarebytes shoots the breeze with channel, prospects

Malwarebytes shoots the breeze with channel, prospects

A Kumeu, Auckland, winery was the venue for a Malwarebytes event for partner and prospect MSPs - with some straight shooting on the side. The half-day getaway, which featured an archery competition, lunch and wine-tasting aimed at bringing Malwarebytes' local New Zealand and top and prospective MSP partners together to celebrate recent local successes, and discuss the current state of malware in New Zealand. This was also a unique opportunity for local MSPs to learn about how they can get the most out of Malwarebytes' MSP program and offering, as more Kiwi businesses are targeted by malware.

Malwarebytes shoots the breeze with channel, prospects
EDGE 2019: Channel forges new partnerships during evening networking

EDGE 2019: Channel forges new partnerships during evening networking

Partners, vendors and distributors reconnected during a number of social gatherings during EDGE 2019. The first evening saw the channel congregate for a welcome party at the Hamilton Island yacht club, while the main poolside proved to be the perfect stop for a barbecue on the final night.

EDGE 2019: Channel forges new partnerships during evening networking
Show Comments