Apple hit back Friday at a Google research report suggesting iPhones may have been targeted by a long-running hacking operation, calling it inaccurate and misleading.
Apple spokesman Fred Sainz said in a statement the research released by Google created a “false impression” that large numbers of iPhone users may have been compromised.
Sainz said that contrary to what Google claimed, the incident was a “narrowly focused” attack which affected “fewer than a dozen websites that focus on content related to the Uighur community, an ethnic minority in China.
“Regardless of the scale of the attack, we take the safety and security of all users extremely seriously,” he wrote.
“Google’s post, issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real time,’ stoking fear among all iPhone users that their devices had been compromised. This was never the case.”
Researchers with Google’s Project Zero security taskforce said last week that an “indiscriminate” hacking operation that targeted iPhones used websites to implant malicious software to access photos, user locations and other data.
“Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” said Project Zero’s Ian Beer.
Sainz said Apple believes that the website attacks were operational for roughly two months, not two years as Google implied.
“We fixed the vulnerabilities in question in February — working extremely quickly to resolve the issue just 10 days after we learned about it,” Sainz said.
“When Google approached us, we were already in the process of fixing the exploited bugs. Security is a never-ending journey and our customers can be confident we are working for them.”