Apple says Google researchers who reported vulnerabilities in iPhone software that potentially gave hackers access to the devices are creating a “false impression” and “stoking fear.”
Cybersecurity researchers at Google’s Project Zero detailed the vulnerabilities in a blog post late last month, describing a campaign to exploit “iPhones en masse” through a small number of hacked websites over a period of “at least two years.”
Apple disputed those claims in a statement released Friday.
“The sophisticated attack was narrowly focused, not a broad-based exploit of iPhones ‘en masse’ as described,” the company said. It said the hacked websites used to exploit the vulnerabilities numbered fewer than a dozen and mainly featured content related to the Uyghur community, a predominantly Muslim ethnic group from China’s western Xinjiang region.
“Google’s post, issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real time,’ stoking fear among all iPhone users that their devices had been compromised,” Apple said. “This was never the case.”
The smartphone maker also countered Google’s claims about the duration of the attacks.
“All evidence indicates that these website attacks were only operational for a brief period, roughly two months, not ‘two years’ as Google implies,” Apple said, adding that it fixed the vulnerabilities in February, 10 days after finding out about them.
“When Google approached us, we were already in the process of fixing the exploited bugs,” the company said.
Google defended its findings in a statement to CNN Business.
“Project Zero posts technical research that is designed to advance the understanding of security vulnerabilities, which leads to better defensive strategies,” the company said. “We stand by our in-depth research which was written to focus on the technical aspects of these vulnerabilities. We will continue to work with Apple and other leading companies to help keep people safe online.”
Apple’s defense of its software comes just before a media event on Tuesday, during which it is expected to reveal a new line of iPhones.
As it downplayed the impact of the vulnerabilities found by the Google researchers, Apple sought to reassure iPhone users about the security of their devices.
“Regardless of the scale of the attack, we take the safety and security of all users extremely seriously,” it said. “Our product security teams around the world are constantly iterating to introduce new protections and patch vulnerabilities as soon as they’re found. We will never stop our tireless work to keep our users safe.”