Apple Hits Back At Google Over iPhone Hack Report
Apple has hit back at Google in a statement that made clear it feels Google's security researchers have overstated the level of threat against iPhone users.
Last month security researchers at Google’s Project Zero had warned iPhone users of a “sustained effort” of an attack “in the wild” against Apple devices.
The researchers detailed how hackers utilised booby-trapped websites to try and carry out zero-day attacks against visiting iPhone users.
But Apple has disputed Google’s insistence that it was a large-scale hacking effort that targeted users of Apple devices, and has issued a hard-hitting statement.
“Last week, Google published a blog about vulnerabilities that Apple fixed for iOS users in February,” said Apple.
“First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones ‘en masse’ as described,” it said. “The attack affected fewer than a dozen websites that focus on content related to the Uighur community.”
The Uighur are a Muslim community located in central and east China and are at the centre of human rights concerns in that region.
And Apple made no attempt to disguise its irritation at the Google research team's efforts to portray this as a more global threat, and not just one affecting a small ethnic community in China.
“Google’s post, issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real-time,’ stoking fear among all iPhone users that their devices had been compromised,” said Apple. “This was never the case.”
“Second, all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not ‘two years’ as Google implies,” said Apple.
“We fixed the vulnerabilities in question in February – working extremely quickly to resolve the issue just 10 days after we learned about it,” Apple added. “When Google approached us, we were already in the process of fixing the exploited bugs.”
But Google is standing by its research, after Tim Willis, a researcher on the Project Zero team, tweeted that Google’s Threat Analysis Group (TAG) “only saw iOS exploitation on these sites when TAG found them back in Jan 2019 (and yes, they looked for everything else as well)”.
This is not the first time that Google’s Project Zero team has stepped on toes with other tech firms.
The group was set up in 2014 to hunt down vulnerabilities and bugs before they are used in cyberattacks, but its actions have displeased a number of vendors.
In February 2015, Google was forced to defend its policy of automatically publishing zero-day vulnerabilities discovered by its Project Zero team after 90 days, and promised to offer up to two weeks' grace if a vendor notified the search giant that a patch was in the works.
Microsoft, for example, was previously critical of Google for publishing details of two vulnerabilities in 2015, arguing that such disclosures harmed end-users by offering attackers information about potential flaws that could be exploited.