Technology
Apple slams Google for raising false alarm on iOS security
San Francisco, Sep 7
Apple has slammed Google for creating a false impression about its iPhones being at hacking risk owing to security flaws that allegedly let several malicious websites break into its iOS operating system.
Researchers working in Google's Project Zero team had discovered several hacked websites that used security flaws in iPhones to attack users who visited these websites -- compromising their personal files, messages, and real-time location data.
In a statement, Apple said the so-called sophisticated attack was narrowly focused, not a broad-based exploit of iPhones "en masse" as described.
"The attack affected fewer than a dozen websites that focus on content related to the Uighur community. Regardless of the scale of the attack, we take the safety and security of all users extremely seriously," the Cupertino-based iPhone maker said on Friday.
"Google's post, issued six months after iOS patches were released, creates the false impression of 'mass exploitation' to 'monitor the private activities of entire populations in real time', stoking fear among all iPhone users that their devices had been compromised. This was never the case," Apple said.
According to Google, the websites delivered their malware indiscriminately and were operational for years.
According to the iPhone maker, "all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not 'two years' as Google implies".
Google's Threat Analysis Group (TAG) discovered that there was no target discrimination as simply visiting the hacked site was enough for the exploit server to attack the iPhone, and if it was successful, install a monitoring implant.
"We estimate that these sites receive thousands of visitors per week," said the Google blog post.
Google researchers also said they identified a vulnerability that accessed all the database files on the victim's iPhone used by end-to-end encryption apps like WhatsApp, Telegram and iMessage.
Apple said that it fixed the vulnerabilities in question in February -- working extremely quickly to resolve the issue just 10 days after it learnt about it.
"When Google approached us, we were already in the process of fixing the exploited bugs," said the company, adding that its product security teams around the world are constantly iterating to introduce new protections and patch vulnerabilities as soon as they're found.
Researchers working in Google's Project Zero team had discovered several hacked websites that used security flaws in iPhones to attack users who visited these websites -- compromising their personal files, messages, and real-time location data.
In a statement, Apple said the so-called sophisticated attack was narrowly focused, not a broad-based exploit of iPhones "en masse" as described.
"The attack affected fewer than a dozen websites that focus on content related to the Uighur community. Regardless of the scale of the attack, we take the safety and security of all users extremely seriously," the Cupertino-based iPhone maker said on Friday.
"Google's post, issued six months after iOS patches were released, creates the false impression of 'mass exploitation' to 'monitor the private activities of entire populations in real time', stoking fear among all iPhone users that their devices had been compromised. This was never the case," Apple said.
According to Google, the websites delivered their malware indiscriminately and were operational for years.
According to the iPhone maker, "all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not 'two years' as Google implies".
Google's Threat Analysis Group (TAG) discovered that there was no target discrimination as simply visiting the hacked site was enough for the exploit server to attack the iPhone, and if it was successful, install a monitoring implant.
"We estimate that these sites receive thousands of visitors per week," said the Google blog post.
Google researchers also said they identified a vulnerability that accessed all the database files on the victim's iPhone used by end-to-end encryption apps like WhatsApp, Telegram and iMessage.
Apple said that it fixed the vulnerabilities in question in February -- working extremely quickly to resolve the issue just 10 days after it learnt about it.
"When Google approached us, we were already in the process of fixing the exploited bugs," said the company, adding that its product security teams around the world are constantly iterating to introduce new protections and patch vulnerabilities as soon as they're found.
3 hours ago
PM Modi receives grand welcome from Indian community on arrival in US
3 hours ago
India, US closer than any time in history, says Biden after meeting PM Modi
3 hours ago
PM Modi holds bilateral talks with Biden, discusses global, regional issues: MEA
3 hours ago
PM Modi, Biden say Quad 'is here to stay'
12 hours ago
My mother's house smaller than your car! When PM Modi told former US president Obama
13 hours ago
Georgia Election Board Mandates Hand Count for November Ballots, Sparking Concerns Over Delays and Errors
13 hours ago
Biden set to host PM Modi in hometown Wilmington as Quad leaders intensify partnership
13 hours ago
India and US Must Collaborate to Counter China: Congressman Shri Thanedar Ahead of Quad Summit.
13 hours ago
In-Person Voting Kicks Off in Select US States, Six Weeks Before Election Day
13 hours ago
PM Modi Begins US Visit, Confirms Bilateral Talks with Biden and Participation in Key Events
13 hours ago
Harris Campaign Outspends Trump Nearly Threefold in August
13 hours ago
Secret Service Investigation Reveals Lapses in Security Prior to Trump Rally Shooting
14 hours ago
Vijay Varma shares exclusive moments with Kareena Kapoor Khan from ‘Jaane Jaan’ shoot