Apple Downplays iPhone Security Issue

Posted on September 6, 2019 by Paul Thurrott in Apple, Google, iOS, Mobile with 47 Comments

Last week, Google security researchers said that they had discovered a two-year-long vulnerability in Apple’s iPhones. Today, Apple claimed that Google overstated the nature of the resulting attack and that it timed its revelations to undermine sales of the next iPhones.

According to researchers at Google’s Project Zero, who look for zero-day vulnerabilities, hackers exploited 14 different software flaws in iOS, 7 of which specifically targeted Safari, to install malware and access various iPhone features, including passwords, iMessage conversations, and GPS data. The vulnerabilities had been exploited for months, they said, and targeted a small number of websites.

But as it turns out, Apple disagrees with many of these points. And it challenges both the content and the timing of the Google revelations.

“The sophisticated attack was narrowly focused, not a broad-based exploit of iPhones ‘en masse’ as described [by Google],” an Apple statement explains. “The attack affected fewer than a dozen websites that focus on content related to the Uighur community [only].”

Google’s blog post, Apple says, was issued six months after Apple released patches to fix the flaw. “[This] creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real-time,’ stoking fear among all iPhone users that their devices had been compromised. This was never the case,” Apple added.

“All evidence indicates that these website attacks were only operational for a brief period, roughly two months, not ‘two years’ as Google implies,” Apple continued. “We fixed the vulnerabilities in question in February — working extremely quickly to resolve the issue just 10 days after we learned about it. When Google approached us, we were already in the process of fixing the exploited bugs.”

Worst of all, perhaps, Google Project Zero suddenly went public with information about the months-old flaws on the same day that Apple announced its September 10 iPhone event. Did Google time this revelation purposefully to undermine the new iPhones? It’s a good question.


Elevate the Conversation!

Join Thurrott Premium to enjoy our Premium comments.

Premium member comments on news posts will feature an elevated status that increases their visibility. This tab would allow you to participate in Premium comments with other premium members. Register to join the other Premium members in elevating the conversation!

Register or Subscribe

Join the discussion!


Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate