Last week we reported about iOS vulnerabilities that Google had found back in February and how those vulnerabilities were used by Chinese governments to target Uighur Muslims in its country. Today Apple has published a press release offering its version of the story.
Apple says the attack was “narrowly focused” and affected less than a dozen websites that were offering content focused on China’s Uighur community. Apple also claims that Google’s assertion that the attack was used for mass exploitation of the whole Uighur community and for monitoring private activities of the entire popular in real-time is false.
This is what we reported about the attack last week.
However just days after the details of the exploit were shared publicly by Google’s Project Zero researchers, TechCrunch is reporting that the same vulnerability was being used by China to target Uyghur Muslims in its country. The website’s sources claims that the malicious websites were part of a state-backed attack on the country’s Muslim minority that resides in the Chinese autonomous region of Xinjiang.
Once an iPhone was infected Chinese government could allegedly look at the target’s private data including their messages, passwords and location.
Apple has also clarified that the websites based attack was used for roughly two months as opposed to two years as claimed in Google’s blog post. After Apple was made aware of the vulnerability it says it worked to resolve the issue “extremely quickly” and pushed out fixes in just 10 days.
Interestingly Apple also says that it was already working on fixing the exploits even before Google has approached them. Google claimed Apple acted after they made them aware of the vulnerability.
Second, all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not “two years” as Google implies. We fixed the vulnerabilities in question in February — working extremely quickly to resolve the issue just 10 days after we learned about it. When Google approached us, we were already in the process of fixing the exploited bugs.
Apple has started the press release by noting how media coverage on iOS vulnerabilities has prompted a response from its customers who are showing concern about the claims, and the company is issuing this statement to for its customers.
You can read the full press release on this matter from Apple here.