Apple Hits Back At Google Over iPhone Hack Report
Apple has hit back at Google in a statement that made clear it feels that its security researchers have overstated the level of threat against iPhone users.
Last month security researchers at Google’s Project Zero had warned iPhone users of a “sustained effort” of an attack “in the wild” against Apple devices.
The researchers detailed how hackers utilised booby-trapped websites to try and carry out zero-day attacks against visiting iPhone users.
But Apple has disputed Google’s insistence that it was a large-scale hacking effort that targeted users of Apple devices, and has issued a hard-hitting statement.
“Last week, Google published a blog about vulnerabilities that Apple fixed for iOS users in February,” said Apple.
“First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones ‘en masse’ as described,” it said. “The attack affected fewer than a dozen websites that focus on content related to the Uighur community.”
The Uighur are a Muslim community located in central and east China and are at the centre of human right concerns in that region.
And Apple made no attempt to disguise its irritation at Google’s research team’s efforts to make this a more global threat, and not just one affecting a small ethnic community in China.
“Google’s post, issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real-time,’ stoking fear among all iPhone users that their devices had been compromised,” said Apple. “This was never the case.”
“Second, all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not ‘two years’ as Google implies,” said Apple.
“We fixed the vulnerabilities in question in February – working extremely quickly to resolve the issue just 10 days after we learned about it,” Apple added. “When Google approached us, we were already in the process of fixing the exploited bugs.”
But Google is standing by its research, after Tim Willis, a researcher on the Project Zero team, tweeted that Google’s Threat Analysis Group (TAG) “only saw iOS exploitation on these sites when TAG found them back in Jan 2019 (and yes, they looked for everything else as well)”.
This is not the first time that Google’s Project Zero team has stepped on toes with other tech firms.
The group was set up in 2014 to hunt down vulnerabilities and bugs before they are used in cyberattacks, but its actions have displeased a number of vendors.
In February 2015, Google was forced to defend its policy of automatically publishing zero-day vulnerabilities discovered by its Project Zero team after 90 days, and promised to offer up to two weeks grace if a vendor notifies the search giant that a patch is in the works.
Microsoft, for example, was previously critical of Google for publishing details of two vulnerabilities in 2015 arguing that such disclosures harmed end-users by offering attackers information about potential flaws that could be exploited.
Industry: Cyber Security
- Identity & Access Management (IdAM) Consultant
- Upto €100,000 plus bonus and benefits
An Identity & Access Management Consultant is needed to lead and drive technical and or business transformation projects in a client-facing position for a prestigious consultancy in Germany. The Identity & Access Management Consultant will be responsible for technical design and implementation of Identity & Access Management/IAM products within a wide variety of clients. The Identity & Access Management Consultant will have a blend of technical hands-on and client-facing consultancy with the ability to develop new business. Broad technical knowledge across Identity and access management is benefical. The Identity & Access Management Consultant will need to have technical hands-on experience with one or more of the following core areas; Privileged Access Management (PAM, CyberArk, Beyondtrust, Thycotic) Identity Governance Administration (IGA, Sailpoint, Omada, RSA) Customer Identity & Access Management (CIAM, Forgerock PSD2) The Identity & Access Management Consultant must have the willingness to travel to customer sites across Germany (once we are allowed to)
- Create a Cyber Threat Intelligence capability. Analyst. UK
- United Kingdom
To join a cyber consultancy, to aid in building out a bespoke threat intelligence capability for a key client. A rare opportunity that provides support and the ability learning as you go. You must have a passion for all things Cyber and have a excellent command of the English language. (written and verbal). An ideal candidate would be a recent cyber graduate (degree, MSc, PHD) who can provide examples of executive summaries, dissertations / thought pieces. The role will include, but not be limited to; delivering executive summaries of current and potential threats to key stakeholders as well as identifying and building out a bespoke threat intelligence platform using the likes of Recorded Futures, WildFire etc which will feed into the SOC. The ability to achieve Security Clearance will be required. Crest Threat Intelligence Analyst, SANS FOR578 OSINT. UK based but remote. London, Reading for extra brownie points. Chris.email@example.com and +447884666351
- Network Security Presales Consultant
- Upto £75,000 plus coms
A new opportunity has arisen within the presales team of one of our clients an expanding managed security provider. You will be working with an array of customer from small to large global enterprises and will be the technical lead through the sales process. Provide both a consultancy service to customers and support to the sales teams. Use knowledge of the company’s products and services to translate customer requirements into functional, effective and appropriate solutions for the prospective customer base. To understand customer requirements, assist in the qualification processes and by utilising the company’s standard product and services portfolio to create a suitable solution in concept. Present technical solutions to customers both formally and informally as required We are looking for someone with a strong network security background with knowledge of one of the fellowing vendors, Checkpoint, Fortinet, Palo Alto, Ciso would be benefical
- Penetration tester- Inside IR35. London. High profile client.
- £400 Umbrella rate
Penetration tester- Inside IR35 £310 Umbrella rate Long term project London Application and mobile (android / iOs) penetration testing experience Manage and deliver penetration testing project Ability to program or script Strong analytical skills Opportunity to build upon existing hands on experience. Amazing project- high profile client. MUST be commutable to London. Immediate opportunity Chris.firstname.lastname@example.org 07884666351