Apple Hits Back At Google Over iPhone Hack Report
Apple has hit back at Google in a statement that made clear it feels that its security researchers have overstated the level of threat against iPhone users.
Last month security researchers at Google’s Project Zero had warned iPhone users of a “sustained effort” of an attack “in the wild” against Apple devices.
The researchers detailed how hackers utilised booby-trapped websites to try and carry out zero-day attacks against visiting iPhone users.
iPhone hack
But Apple has disputed Google’s insistence that it was a large-scale hacking effort that targeted users of Apple devices, and has issued a hard-hitting statement.
“Last week, Google published a blog about vulnerabilities that Apple fixed for iOS users in February,” said Apple.
“First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones ‘en masse’ as described,” it said. “The attack affected fewer than a dozen websites that focus on content related to the Uighur community.”
The Uighur are a Muslim community located in central and east China and are at the centre of human right concerns in that region.
And Apple made no attempt to disguise its irritation at Google’s research team’s efforts to make this a more global threat, and not just one affecting a small ethnic community in China.
“Google’s post, issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real-time,’ stoking fear among all iPhone users that their devices had been compromised,” said Apple. “This was never the case.”
“Second, all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not ‘two years’ as Google implies,” said Apple.
“We fixed the vulnerabilities in question in February – working extremely quickly to resolve the issue just 10 days after we learned about it,” Apple added. “When Google approached us, we were already in the process of fixing the exploited bugs.”
But Google is standing by its research, after Tim Willis, a researcher on the Project Zero team, tweeted that Google’s Threat Analysis Group (TAG) “only saw iOS exploitation on these sites when TAG found them back in Jan 2019 (and yes, they looked for everything else as well)”.
Project Zero
This is not the first time that Google’s Project Zero team has stepped on toes with other tech firms.
The group was set up in 2014 to hunt down vulnerabilities and bugs before they are used in cyberattacks, but its actions have displeased a number of vendors.
In February 2015, Google was forced to defend its policy of automatically publishing zero-day vulnerabilities discovered by its Project Zero team after 90 days, and promised to offer up to two weeks grace if a vendor notifies the search giant that a patch is in the works.
Microsoft, for example, was previously critical of Google for publishing details of two vulnerabilities in 2015 arguing that such disclosures harmed end-users by offering attackers information about potential flaws that could be exploited.
source silicon
Industry: Cyber Security
Latest Jobs
-
- IAM Consultant- One Identity Manager- UK Wide
- Manchester
- Upto £75,000 plus excellent benefits
-
One Identity IAM consultant is needed for this expanding UK based business, you will be responsible for: Developing and Supporting the Identity and Access management system based-on One Identity products Active Roles Server and Identity Manager. Further develop One Identity Manager’s integration with Service Now to provide automated JML processes and application access requests and fulfilment. Work across the business ensuring that the IAM solutions integrates into both the technology and business systems and processes, ideally automating as mush as possible. Work with the Governance Risk & Compliance (GRC) team to provide application access attestations and toxic combination alerting and reporting. Work on a mixture of IAM related projects to help to integrate new ideas and technology into the business to ensure the business stays fully compliant Assist in ensuring that all IAM capabilities are mapped to internal processes, policies, and standards. Develop metrics to measure and improve and also compile reports around the solution If you are interested in this opportunity we are looking for someone who is skilled within Identity Acess management, you will need to have worked with the One Identity product, ideally both Active Roles Server and Identity Manager Experience in managing and integrating with Microsoft systems (on-premise and cloud), such as Active Directory, Exchange, Office, SharePoint, etc.
-
- SailPoint Integration Consultant
- Unknown
- Upto £75000 plus benefits
-
SailPoint Integration Consultant. SailPoint Integration Consultant is needed for this expanding service business to help them with complex deployment with their FTSE focused customer base. They are looking for experienced SailPoint Integration Consultants who have: • Strong solution designing experience with in depth understanding of IAM concepts and thorough understanding of Sailpoint domain. • Thorough understanding of Identity and Access Governance concepts • Leading and creating Identity & Access Management (IAM) technical architecture • Secure by Design principles in Identify Access management, Privilege Access management • Familiar with cloud architectures, data management and source control from a security perspective. This is a great opportunity to join a business that is growing and looking for individuals who want to grow and develop and work on some of the most complex Sailpoint deployments.
-
- CyberArk Integration Consultant
- Greater London
- upto 75,000 plus benefits
-
CyberArk Integration Consultant. CyberArk Integration Consultant is needed for this expanding service business to help them with complex deployment with their FTSE focused customer base. They are looking for experienced CyberArk Integration Consultants who have: • Strong solution designing experience with in depth understanding of IAM concepts and thorough understanding of CyberArk domain. • Thorough understanding of Identity and Access Governance concepts • Leading and creating Identity & Access Management (IAM) technical architecture • Secure by Design principles in Identify Access management, Privilege Access management • Familiar with cloud architectures, data management and source control from a security perspective. This is a great opportunity to join a business that is growing and looking for individuals who want to grow and develop and work on some of the most complex CyberArk deployments.
-
- Penetration Tester, UK based. Ability to achieve SC clearance
- United Kingdom
- 55000
-
Experienced Penetration tester- UK based with the ability to achieve SC clearance. On-going training and development and paid certifications / renewals. Interested to hear from all areas of penetration testing, web app, infrastructure, mobile, etc. MUST have current hands on experience delivering penetration testing. Ideally from a consultancy background with experience working with multiple clients. OSCP / CREST / CHECK / Tigerscheme penetration testing experience / certifications desirable. Apply today for more details. All information kept in the strictest of confidence.