December 22, 2024
Apple Issues Statement on iOS Exploits Found in the Wild

Apple Issues Statement on iOS Exploits Found in the Wild

Posted September 6, 2019 at 5:14pm by iClarified
Apple has issued a statement addressing a series of iOS exploit chains found in the wild by Google's Threat Analysis Group and Project Zero.

In a blog post last week, Google announced that its Threat Analysis Group (TAG) had discovered a small collection of hacked websites that were being used in indiscriminate watering hole attacks against their visitors, using iPhone 0-day.

Apple says the scale of the attack was far smaller than Google implied.


Here's the full statement...

-----
Last week, Google published a blog about vulnerabilities that Apple fixed for iOS users in February. We’ve heard from customers who were concerned by some of the claims, and we want to make sure all of our customers have the facts.

First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones “en masse” as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community. Regardless of the scale of the attack, we take the safety and security of all users extremely seriously.

Google’s post, issued six months after iOS patches were released, creates the false impression of “mass exploitation” to “monitor the private activities of entire populations in real time,” stoking fear among all iPhone users that their devices had been compromised. This was never the case.


Second, all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not “two years” as Google implies. We fixed the vulnerabilities in question in February — working extremely quickly to resolve the issue just 10 days after we learned about it. When Google approached us, we were already in the process of fixing the exploited bugs.

Security is a never-ending journey and our customers can be confident we are working for them. iOS security is unmatched because we take end-to-end responsibility for the security of our hardware and software. Our product security teams around the world are constantly iterating to introduce new protections and patch vulnerabilities as soon as they’re found. We will never stop our tireless work to keep our users safe.
-----

Please follow iClarified on Twitter, Facebook, or RSS for updates.


Apple Issues Statement on iOS Exploits Found in the Wild
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
iClarified Icon
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (2)
You must login or register to add a comment...
Great!
Great! - September 7, 2019 at 1:36am
Where’s Foolgle’s response that those same websites were also attacking Android and Microsoft devices? It wasn’t even targeting just Apple. That whole report was so lopsided and obviously trying to attack just Apple on the day they announced the upcoming 10th Sept Apple event.
1reader
1reader - September 6, 2019 at 7:19pm
“Nothing to see here! Move along!” Yeah right
Recent. Read the latest Apple News.
RECENT
Tutorials. Help is here.
TUTORIALS
Where to Download macOS Sequoia
Where to Download macOS Ventura
AppleTV Firmware Download Locations
Where To Download iPad Firmware Files From
Where To Download iPhone Firmware Files From
Deals. Save on Apple devices and accessories.
DEALS