Apple pronounces on iOS security flaw disclosed by Google

Apple pronounces on iOS security flaw disclosed by Google

A week ago, the Project Zero, from Google, came out to disclose that malicious sites were used to hack iPhones “for years” – which obviously left the community tech in powder.

Subsequently, an investigation of the TechCrunch found that the Chinese government would have taken advantage of this iOS vulnerability to monitor uighur population.

As the whole story is strange and the information came a little «disconnected», Apple today tried to issue an official statement on the topic.

Here is a free translation by MacMagazine:

Last week, Google made a blog post about vulnerabilities that Apple fixed for iOS users in February. We heard that customers were concerned about some of the allegations, and we want to make sure that everyone gets to know the facts.

First, the sophisticated attack was well focused, not a widespread flaw in iPhones exploited “en masse” as described. The attack affected less than a dozen websites that focus on content linked to the Uighur community. Regardless of the scope of the attack, we take the security of all our users extremely seriously.

The Google post, published six months after patches for iOS to be made available, it creates a false impression of «mass exploitation» to «monitor the private activities of entire populations in real time», spreading fear among all iPhone users as if their devices had been compromised. That was never the case.

Second, all the evidence indicates that these website attacks were only operational for a brief period, approximately two months, and not “two years” as Google implied. We fixed the vulnerabilities in question in February – working very quickly to resolve the issue just 10 days after we became aware of it. When Google contacted us, we were already in the process of fixing the bugs we discovered.

Safety is an eternal journey and our consumers can rest assured that we are working for them. IOS security is second to none because we take full responsibility for the security of our hardware and software. Our product security teams around the world are constantly developing new protections and fixing vulnerabilities as soon as they are discovered. We will never stop our hard work of keeping our users safe.

There, then.

Recalling that the security breaches in question were corrected in the iOS 12.1.4, launched on February 7th. We covered their details in this other article. image