One week ago, the staff of Project Zero, from Google, surfaced that malicious websites were used to hack iPhones "for years" which obviously left the community tech in dust.
Subsequently, an investigation of the TechCrunch learned that the Chinese government would have taken advantage of this iOS vulnerability to watch Uighur population.
As the story is all strange and the information came a little "disconnected", Apple today issued an official statement on the subject.
Here's a free translation by :
Last week, Google posted a blog post about vulnerabilities that Apple corrected for iOS users in February. We hear that clients have been concerned about some of the allegations, and we want to make sure everyone gets the facts.
First, the sophisticated attack was well focused, not a widespread failure on “mass” exploited iPhones as described. The attack has affected less than a dozen websites that focus on uigure community linked content. Regardless of the scope of the attack, we take the safety of all our users extremely seriously.
Google's post, published six months after patches to make iOS available, it creates a fake “mass exploitation” print to “monitor the private activity of entire populations in real time,” spreading fear across all iPhone users as if their devices had been compromised. This has never been the case.
Second, all evidence indicates that these website attacks have only been operational for a brief period, approximately two months, and not “two years” as Google has hinted. We fixed the vulnerabilities in question in February by working very quickly to resolve the issue only 10 days after we became aware of it. When Google contacted us, we were already in the process of fixing the bugs discovered.
It ensures an eternal journey and our consumers can be assured that we are working for them. The security of iOS is second to none because we take full responsibility for the security of our hardware and software. Our product security teams around the world are constantly developing new protections and correcting vulnerabilities as they are discovered. We will never stop our hard work of keeping our users safe.
Okay then.
Recalling that the security breaches in question were corrected in the iOS 12.1.4, released on February 7th. We covered their details in this other article.
Shutterstock image
