Apple Finally Breaks Its Silence on iOS Hacking Campaign

Wired | 9/6/2019 | Staff

Late Thursday, Google security researchers dropped a bombshell: Someone had launched a sustained attack against iPhone users that compromised their devices almost instantly when they visited certain websites. The campaign forced a fundamental shift in how security professionals think about iOS. And now, after a week of silence, Apple has finally given its side of the story.

In a brief statement, Apple confirmed that the attacks had targeted China's oppressed Uyghur Muslim community, as had previously been reported. But the statement also called out multiple points of contention with how Google characterized the attack.

"First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones 'en masse' as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community," the statement reads. "Google’s post, issued six months after iOS patches were released, creates the false impression of 'mass exploitation' to 'monitor the private activities of entire populations in real time,' stoking fear among all iPhone users that their devices had been compromised. This was never the case."

The company also disputed aspects of Google's timeline, saying that the malicious sites were operational for two months, rather than the roughly two years Google had estimated. Apple's statement also says that it had already discovered the vulnerabilities a few days before Google brought them to Apple's attention. "We were already in the process of fixing the exploited bugs," Apple says. The eventual patch went out on February 7 as part of the iOS 12.1.4 update.

Attackers were using numerous valuable iOS exploits with abandon.

Apple did not, however, dispute the specifics of how the campaign worked. Researchers from Google's elite Project Zero security group identified five different exploit strategies the malicious sites could use to compromise iPhones running almost every version of iOS 10 through iOS 12. The...
(Excerpt) Read more at: Wired