Apple today released a rebuttal to the security vulnerabilities that Google detailed in depth last week and called it “one of the largest attacks against iPhone users ever.” The iOS maker took issue with several key points, but Google is standing by its works.
In February, Google’s internal security teams made Apple aware of 14 vulnerabilities across five exploit chains that were used to compromise visitors of hacked websites and install a “monitoring implant.” Google did not specify the target, but alluded to these exploits, allowing for the “capability to target and monitor the private activities of entire populations in real time.” Apple today cited the Uyghur community, giving credence to a report earlier this month that pegged China as the responsible party.
Apple does recognize the “sophisticated attack,” but believes it was “narrowly focused” and only “affected fewer than a dozen websites.” Google said as much — previously describing it as a “small collection of hacked websites” — but estimated thousands of visitors per week.
Google’s security researchers believe that the “sustained effort to hack the users of iPhones in certain communities” lasted two years. In sharp contrast, Apple argues that the “website attacks were only operational for a brief period, roughly two months.”
In a statement to the , Google stands by the research and emphasizes the technical aspect. Apple today seemingly took issue with the analysis coming six months later.
Project Zero posts technical research that is designed to advance the understanding of security vulnerabilities, which leads to better defensive strategies. We stand by our in-depth research, which was written to focus on the technical aspects of these vulnerabilities. We will continue to work with Apple and other leading companies to help keep people safe online.
Author:
Source: 9TO5Google