Last week, Google researchers confirmed they had found 14 vulnerabilities in Apple's iOS that were exploited in a "sustained effort to hack the users of iPhones in certain communities over a period of at least two years." Analysts for Google's Project Zero said that a collection of compromised websites had been used to attack iPhones running iOS 10 to iOS 12; the sites in question were embedded with malware that could steal private data—including iMessages and real-time GPS locations—whenever they were accessed with an iPhone.
"There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant," the report read. "We estimate that these sites receive thousands of visitors per week."
Apple responded to the findings in a blog post Friday, reassuring customers the security flaws had been fixed within 10 days after its team had become aware of the hacking scheme. The company also claimed that the iPhone attack was "narrowly focused" and not as serious as Google had made it out to be. Apple then suggested its competitor had purposely misled the public in an attempt to weaken customer trust.
"First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones 'en masse' as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community. Regardless of the scale of the attack, we take the safety and security of all users extremely seriously.
"Google’s post, issued six months after iOS patches were released, creates the false impression of 'mass exploitation' to 'monitor the private activities of entire populations in real time,' stoking fear among all iPhone users that their devices had been compromised. This was never the case."
Though Google's report did not specify which communities were affected by the hacking scheme, TeleTech later reported that the Uighurs, an oppressed ethnic Muslim group in China, were the targets.
Google defended its report in a statement to Wired:
"Project Zero posts technical research that is designed to advance the understanding of security vulnerabilities, which leads to better defensive strategies. We stand by our in-depth research which was written to focus on the technical aspects of these vulnerabilities. We will continue to work with Apple and other leading companies to help keep people safe online."