- Last week, researchers at Project Zero, Google’s cybersecurity division, published a blog post saying that a handful of hacked websites had been used to quietly infiltrate iPhones for the past two years.
- Apple published a response on Friday, assuring customers that the exploit was “narrowly focused” and “affected fewer than a dozen websites.”
- The company also accused Google of creating a “false impression of ‘mass exploitation'” and “stoking fear among all iPhone users that their devices had been compromised.”
- Visit Business Insider’s homepage for more stories.
One week after Google researchers published a blog post saying that a Chinese state-backed campaign had leveraged an exploit in iOS to target a certain group of Muslims over the past two years, Apple published a response to calm worried users – and threw some extra shade at the search giant in the process.
In a statement on Friday, Apple said that Google’s post, “issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ … stoking fear among all iPhone users that their devices had been compromised. This was never the case.”
Google’s post, published on August 29, said it was able to identify five separate iPhone exploit chains that worked on almost every operating-system version from iOS 10 to iOS 12, the current iPhone software. Google said that “this indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years.”
Apple’s response, however, said that “the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones ‘en masse’ as described,” adding that “all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not ‘two years’ as Google implies.”
Apple added that it resolved the issue “just 10 days after we learned about it” in February.
“When Google approached us, we were already in the process of fixing the exploited bugs,” Apple said.
We reached out to Google for comment, and the company provided the following statement:
“Project Zero posts technical research that is designed to advance the understanding of security vulnerabilities, which leads to better defensive strategies. We stand by our in-depth research which was written to focus on the technical aspects of these vulnerabilities. We will continue to work with Apple and other leading companies to help keep people safe online.”
Apple has taken security and privacy very seriously in recent years, even leaning on those features to help it sell more devices like iPhones and Mac computers. Security is also a centerpiece of Apple’s first credit card, the Apple Card, which launched last month.
So it’s not surprising that Apple doesn’t want Google to control the narrative of this particular exploit, since any publicity about iOS not being a solid ecosystem could cause some people to consider rival platforms, like Google’s Android.