Google and Apple at war over iPhone security vulnerabilities

Apple forced to release statement addressing iOS security concerns.

Google and Apple at war over iPhone security vulnerabilities

Apple has been forced to release a statement addressing the security of its operating system on iPhones after a Google blog suggested it was possible for the devices to be hacked.

On 28 August, Google’s Project Zero division, which finds and reports on security vulnerabilities, published a blog detailing issues surrounding the iPhone’s iOS.

The blog, written by Project Zero’s Ian Beer, explained that Google’s Threat Analysis Group (TAG) was able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12. 

“This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years,” Mr Beer explained.

The TAG discovered exploits for 14 vulnerabilities, including seven for the iPhone’s web browser.

A week after the post was published, Apple hit back, claiming that the problems had been addressed and were not open to “mass exploitation”.

“Google published a blog about vulnerabilities that Apple fixed for iOS users in February. We’ve heard from customers who were concerned by some of the claims, and we want to make sure all of our customers have the facts,” the Apple statement explained.

“First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones ‘en masse’ as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community. Regardless of the scale of the attack, we take the safety and security of all users extremely seriously.

“Google’s post, issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real time,’ stoking fear among all iPhone users that their devices had been compromised. This was never the case.

“Second, all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not ‘two years’ as Google implies. We fixed the vulnerabilities in question in February – working extremely quickly to resolve the issue just 10 days after we learned about it. When Google approached us, we were already in the process of fixing the exploited bugs.

“Security is a never-ending journey and our customers can be confident we are working for them. iOS security is unmatched because we take end-to-end responsibility for the security of our hardware and software. Our product security teams around the world are constantly iterating to introduce new protections and patch vulnerabilities as soon as they’re found. We will never stop our tireless work to keep our users safe.”

Are you worried about your smartphone being hacked? Do you download all the operating system upgrades as soon as they arrive?

If you enjoy our content, don’t keep it to yourself. Share our free eNews with your friends and encourage them to sign up.

RELATED ARTICLES





    COMMENTS

    To make a comment, please register or login


    Join YOURLifeChoices, it’s free

    • Receive our daily enewsletter
    • Enter competitions
    • Comment on articles