Recently, Google’s Project Zero researchers issued a detailed report on the security vulnerabilities in iOS and called “one of the largest attacks against iPhone users ever”. Now Apple has issued an official statement refuting the vulnerability report by Google and accuses Google of ‘stoaking fear’ over security issues.
Apple in a statement said that the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones “en masse” as described. It says that the attack “affected fewer than a dozen websites” and Google’s report is stoking fear among all iPhone users that their devices had been compromised and is creating a false impression.
Apple also says that these website attacks were only operational for a brief period, roughly two months, not “two years” as Google implies and adds that they fixed the vulnerabilities just 10 days after they learned about it. “When Google approached us, we were already in the process of fixing the exploited bugs,” explains Apple.
“Security is a never-ending journey and our customers can be confident we are working for them. iOS security is unmatched because we take end-to-end responsibility for the security of our hardware and software. Our product security teams around the world are constantly iterating to introduce new protections and patch vulnerabilities as soon as they’re found. We will never stop our tireless work to keep our users safe.”, says Apple.
Google says that it stands by its original report and in a statement to The Verge, Google said:
“Project Zero posts technical research that is designed to advance the understanding of security vulnerabilities, which leads to better defensive strategies. We stand by our in-depth research which was written to focus on the technical aspects of these vulnerabilities. We will continue to work with Apple and other leading companies to help keep people safe online.”