Apple is separating the new smartphones into its usual low-cost versus high-cost categories, with big differences between the two models coming down to the camera, display, and battery life.
iOS 13 & watchOS 6 Now Available
Apple Disputes Some Details of Google's Project Zero Report on iOS Security Vulnerabilities [Updated]
Google's Project Zero last week shared details about multiple serious iOS vulnerabilities that allowed malicious websites to access a victim's phone. There were a total of 14 vulnerabilities that were being exploited, and while those have now been fixed, some of the security holes were abused for several years.
Apple today responded to Google's Project Zero blog post in an effort to address customer concerns with all of the facts.
Apple says the attack was "narrowly-focused" rather than a broad-based exploit of iPhones as described. Fewer than a dozen websites targeting Uighur Muslims were affected, according to Apple. Further, Apple says that Google created a false impression of mass exploitation, causing fear among iPhone owners.
Google also got the length of the attacks wrong. Apple says the websites were operational for approximately two months rather than two years, with the vulnerabilities fixed 10 days after Apple learned about them. Fixes were already in the works when Google approached Apple.
Apple's full letter is included below:
Google believes thousands of visitors accessed these websites per week over two years, with the vulnerability present in iOS 10, iOS 11, and iOS 12. Apple addressed the issues in iOS 12.1.4 back in February 2019.
In a statement to The Verge, Google said that it stands by its original report despite Apple's comments.
Apple today responded to Google's Project Zero blog post in an effort to address customer concerns with all of the facts.
Apple says the attack was "narrowly-focused" rather than a broad-based exploit of iPhones as described. Fewer than a dozen websites targeting Uighur Muslims were affected, according to Apple. Further, Apple says that Google created a false impression of mass exploitation, causing fear among iPhone owners.
Google also got the length of the attacks wrong. Apple says the websites were operational for approximately two months rather than two years, with the vulnerabilities fixed 10 days after Apple learned about them. Fixes were already in the works when Google approached Apple.
Apple's full letter is included below:
Last week, Google published a blog about vulnerabilities that Apple fixed for iOS users in February. We've heard from customers who were concerned by some of the claims, and we want to make sure all of our customers have the facts.According to Google, the websites in question that targeted iPhone users were able to steal private data like messages, photos, and GPS location in real time with little effort after a visitor went to an infected website.
First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones "en masse" as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community. Regardless of the scale of the attack, we take the safety and security of all users extremely seriously.
Google's post, issued six months after iOS patches were released, creates the false impression of "mass exploitation" to "monitor the private activities of entire populations in real time," stoking fear among all iPhone users that their devices had been compromised. This was never the case.
Second, all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not "two years" as Google implies. We fixed the vulnerabilities in question in February -- working extremely quickly to resolve the issue just 10 days after we learned about it. When Google approached us, we were already in the process of fixing the exploited bugs.
Security is a never-ending journey and our customers can be confident we are working for them. iOS security is unmatched because we take end-to-end responsibility for the security of our hardware and software. Our product security teams around the world are constantly iterating to introduce new protections and patch vulnerabilities as soon as they're found. We will never stop our tireless work to keep our users safe.
Google believes thousands of visitors accessed these websites per week over two years, with the vulnerability present in iOS 10, iOS 11, and iOS 12. Apple addressed the issues in iOS 12.1.4 back in February 2019.
In a statement to The Verge, Google said that it stands by its original report despite Apple's comments.
Project Zero posts technical research that is designed to advance the understanding of security vulnerabilities, which leads to better defensive strategies. We stand by our in-depth research which was written to focus on the technical aspects of these vulnerabilities. We will continue to work with Apple and other leading companies to help keep people safe online.
[ 227 comments ]
Top Rated Comments
(View all)
2 weeks ago
Apple is just spinning their standard "a small number of customers were affected" narrative
If they genuinely disagreed with Google's claims they'd lawyer up
If they genuinely disagreed with Google's claims they'd lawyer up
2 weeks ago
“Don’t be evil...” unless it’s an opportunity to trash your strongest competitor, then go head and lie, fabricate stuff, misstate and exaggerate.
2 weeks ago
And now we know why Google didn’t release a list of the websites affected, and why they waited until right before the iPhone 11 release to talk about it.
2 weeks ago
Hope Apple does this to google. Finds vulnerabilities and work their propaganda to hurt Google
I hope they don’t. It’s very unethical. However if it was at all intentional on Google’s part I hope it gets included in their various on-going anti trust investigations.
2 weeks ago
While I generally think Apple is one of the most ethical corporations ATM, I’m not sure who to believe.
If Apple’s right, then Google’s misrepresentations are damaging, bordering on libel coming from a close competitor. Their reports did a lot of damage to the narrative that iOS is more secure than Android (not that Android hasn’t come a long way).
If Apple’s right, then Google’s misrepresentations are damaging, bordering on libel coming from a close competitor. Their reports did a lot of damage to the narrative that iOS is more secure than Android (not that Android hasn’t come a long way).
2 weeks ago
#clapback
(Seriously, though, talk about a real dick move on Google's part. I agree, borderline libel.)
(Seriously, though, talk about a real dick move on Google's part. I agree, borderline libel.)
2 weeks ago
Hope Apple does this to google. Finds vulnerabilities and work their propaganda to hurt Google
2 weeks ago
Hope Apple does this to google. Finds vulnerabilities and work their propaganda to hurt Google
Apple spreads tons of FUD, constantly saying their competitors sell user data. Apple carefully words their attacks to not specifically name google but say competitors.
2 weeks ago
When Google approached us, we were already in the process of fixing the exploited bugs.
And there is the key statement. In short, Project Zero just made themselves look useless.
[ Read All Comments ]
Burst Mode refers to when the camera on your iPhone captures a series of photos in rapid succession, at a rate of ten frames per second. It's a great way to shoot an action scene or an unexpected...
Apple's Portrait Mode has become a popular way of taking impressive shots using a depth-of-field effect known as bokeh, allowing iPhone users to shoot a photo that keeps the subject sharp with a...
Apple has redesigned the native Camera app on the iPhone 11 and iPhone 11 Pro to make space for the various additional shooting options available in its new flagship phones, and one particularly...
Apple's massive launch week has come to a close, with the iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, and Apple Watch Series 5 all debuting on Friday. And as if that wasn't enough, Thursday...
With the arrival of the iPhone 11, iPhone 11 Pro and iPhone 11 Pro Max, Apple has introduced an optional new camera feature in iOS 13 that's designed to allow you to correct the alignment of...
For this week's giveaway, we've teamed up with AnyTrans to offer MacRumors readers a chance to win one of Apple's new iPhone 11 Pro Max devices and a lifetime AnyTrans license.
For...
Due to Apple seeding the iOS 13.1 beta prior to the public release of iOS 13, upgrading to a new iPhone may be a bit trickier this year.
In a support document, Apple has provided instructions...
Apple today the golden master version of an upcoming tvOS 13 update to developers, one week after seeding the eleventh beta and more than three months after unveiling the tvOS 13 software at the...
