Click to Skip Ad
Closing in...

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Apple calls Google’s Project Zero report on iOS malware misleading

Published Sep 6th, 2019 4:28PM EDT
iPhone Security
Image: Zach Epstein, BGR

About a week ago, security researchers from Google’s Project Zero team provided us with details of an extremely sophisticated malware attack targeting China’s Uyghur Muslim community. Through a chain of zero-day exploits, iPhone owners who visited infected websites often frequented by the Uyghur community had malware installed onto their devices. From there, the malware was able to collect user photos, private messages, and even GPS location data in real-time.

In response to the original Project Zero report, Apple today issued an official response which seemingly categorizes Project Zero’s report as alarmist. Put simply, Apple doesn’t’ deny that the malware existed, but takes issue with the extent of the issue. For instance, the original Project Zero report claims that the infected websites in question were operational for two years. Apple denies this and claims that they were only operational for two months.

Apple’s statement reads in part:

First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones “en masse” as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community. Regardless of the scale of the attack, we take the safety and security of all users extremely seriously.

Google’s post, issued six months after iOS patches were released, creates the false impression of “mass exploitation” to “monitor the private activities of entire populations in real time,” stoking fear among all iPhone users that their devices had been compromised. This was never the case.

Apple also makes a point of noting that it patched the iOS vulnerabilities in question just 10 days after Google researchers reached out to them. Additionally, Apple claims that it was working on fixing the security loopholes before Google even contacted them. At this point, it remains unclear if another third-party alerted Apple to the vulnerabilities or if they were unearthed by Apple engineers.

It’s also worth noting that the malware attack in question didn’t solely target iPhone users. On the contrary, the malware was quite expansive and targeted Android devices along with Windows PCs.

Interestingly, it didn’t take long for Google to respond to Apple’s response. In a statement provided to The Verge, the search giant said the following:

Project Zero posts technical research that is designed to advance the understanding of security vulnerabilities, which leads to better defensive strategies. We stand by our in-depth research which was written to focus on the technical aspects of these vulnerabilities. We will continue to work with Apple and other leading companies to help keep people safe online.

Yoni Heisler Contributing Writer

Yoni Heisler has been writing about Apple and the tech industry at large with over 15 years of experience. A life long expert Mac user and Apple expert, his writing has appeared in Edible Apple, Network World, MacLife, Macworld UK, and TUAW.

When not analyzing the latest happenings with Apple, Yoni enjoys catching Improv shows in Chicago, playing soccer, and cultivating new TV show addictions.

More Tech

Latest News