On August 30, Google"s Project Zero team revealed that it had discovered multiple websites hosting malware hacking into people"s iPhones for the past two years. According to the team at Project Zero, the devices got infected after visiting malicious webpages related to the Uighur community, putting the private information including contacts, photos, and other data of the owners at risk. The news was met by great discomfort in the community, leaving users worried about their privacy and data protection.
Today, a week after the Project Zero blog post, Apple has released a statement addressing the claims made by the team at Google. In it, the California-based tech firm has outlined two major clarifications and corrections to the scale and gravity of the recent iOS exploit.
To begin with, Apple clarified that the post from Google comes six months after the patches fixing the exploit were released back in February. The firm believes that the post created "unwarranted fears" and "false impressions" of mass exploitation and data breach. Similarly, the Cupertino firm made it clear that the scope of the attack was not as expansive as Google made it out to be, and only affected a very specific substratum of the community:
...the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones “en masse” as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community.
Secondly, Apple corrected the figure of "two years", saying that the attacks that were being hosted on the websites were functional only for a period of approximately two months, not two years. The tech giant also added that it was quick to respond to the news and the fact that by the time Google reached out to inform Apple about the vulnerability, the solution to fix it was already in the pipeline.
The company further added that "iOS security is unmatched because we take end-to-end responsibility for the security of our hardware and software," assuring iPhone owners that data privacy and security are of utmost concern to Apple regardless of the scale of any exploit.