Apple has taken issue with Google’s findings about exploit-laden websites injecting malicious code into iPhones. Last week, Google published a blog post describing how a handful of hacked websites had taken advantage of an iOS vulnerability. Today, Apple shared a rebuttal.
Apple reiterates that the vulnerabilities Google highlighted were fixed in February. It says the attack affected fewer than a dozen websites that were targeted at the Uighur community. Apple believes the website attacks were only operational for about two months, not two years, as the Google security researchers wrote. Apple reportedly fixed the issue within 10 days of learning about it.
Google responded with the following statement:
“Project Zero posts technical research that is designed to advance the understanding of security vulnerabilities, which leads to better defensive strategies. We stand by our in-depth research which was written to focus on the technical aspects of these vulnerabilities. We will continue to work with Apple and other leading companies to help keep people safe online.”
Still, Apple says, security is one of its top priorities. “Regardless of the scale of the attack, we take the safety and security of all users extremely seriously.” Google researchers pointed to other iOS security flaws earlier this summer, and Apple recently had to re-fix a bug that let users jailbreak phones. If nothing else, this is a reminder that cybersecurity is an ongoing battle.
Author: Christine Fisher
Source: Engadget