Last week, Google’s Project Zero reported on a major security flaw on iOS, revealing that iPhones running iOS 10 to iOS 12 were open to messages, images, and location data being hacked through a web-based exploit. Now, however, Apple is depending itself — and seems to have some pretty major issues with Google’s findings.
“Google’s post, issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real time,’ stoking fear among all iPhone users that their devices had been compromised,” Apple wrote in a statement released Friday. “This was never the case.”
According to Apple, the flaws affected less than a dozen websites and specifically focused the Uighur community, so the vast majority of users never had any cause for concern. Not only that, but Apple says that the flaws were only operational for around two months, and not two years, as Google claims in its original post.
According to Apple, the issue was resolved 10 days after the company first learned of its existence. The issue was patched in iOS 12.1.4, which was released in February — so most iPhone users should have a secure enough iPhone to avoid any hacks related to this specific flaw. Apple also said that only 12 percent of iPhone users are running operating systems older than iOS 12.
“Project Zero posts technical research that is designed to advance the understanding of security vulnerabilities, which leads to better defensive strategies. We stand by our in-depth research which was written to focus on the technical aspects of these vulnerabilities,” said a Google spokesperson in an emailed statement to Digital Trends. “We will continue to work with Apple and other leading companies to help keep people safe online.”
The exploit itself was related to a flaw in Safari, and hackers were able to take advantage of that flaw to load malware onto an iPhone. Not only that, but simply going to an affected website was enough to infect a device, after which hackers had access to a range of information — including messages from apps like WhatsApp, location data, and more. Even copies of emails could be taken without the user’s knowledge.
Despite Apple’s defense, the fact is that the exploit did still exist — and while it may not have reached all that many users, it definitely could have. It’s important to remember that even iPhones have security flaws, despite what Apple may want you to believe.
Updated on September 6, 2019: Added Google’s statement.
