Apple Disputes Some Details of Google’s Project Zero Report on iOS Security Vulnerabilities

Google’s Project Zero last week shared details about multiple serious iOS vulnerabilities that allowed malicious websites to access a victim’s phone. There were a total of 14 vulnerabilities that were being exploited, and while those have now been fixed, some of the security holes were abused for several years.

Apple today responded to Google’s Project Zero blog post in an effort to address customer concerns with all of the facts.

Apple says the attack was “narrowly-focused” rather than a broad-based exploit of iPhones as described. Fewer than a dozen websites targeting Uighur Muslims were affected, according to Apple. Further, Apple says that Google created a false impression of mass exploitation, causing fear among iPhone owners.

Google also got the length of the attacks wrong. Apple says the websites were operational for approximately two months rather than two years, with the vulnerabilities fixed 10 days after Apple learned about them. Fixes were already in the works when Google approached Apple.

Apple’s full letter is included below:

Last week, Google published a blog about vulnerabilities that Apple fixed for iOS users in February. We’ve heard from customers who were concerned by some of the claims, and we want to make sure all of our customers have the facts.

First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones “en masse” as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community. Regardless of the scale of the attack, we take the safety and security of all users extremely seriously.

Google’s post, issued six months after iOS patches were released, creates the false impression of “mass exploitation” to “monitor the private activities of entire populations in real time,” stoking fear among all iPhone users that their devices had been compromised. This was never the case.

Second, all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not “two years” as Google implies. We fixed the vulnerabilities in question in February — working extremely quickly to resolve the issue just 10 days after we learned about it. When Google approached us, we were already in the process of fixing the exploited bugs.

Security is a never-ending journey and our customers can be confident we are working for them. iOS security is unmatched because we take end-to-end responsibility for the security of our hardware and software. Our product security teams around the world are constantly iterating to introduce new protections and patch vulnerabilities as soon as they’re found. We will never stop our tireless work to keep our users safe.

According to Google, the websites in question that targeted iPhone users were able to steal private data like messages, photos, and GPS location in real time with little effort after a visitor went to an infected website.

Google believes thousands of visitors accessed these websites per week over two years, with the vulnerability present in iOS 10, iOS 11, and iOS 12. Apple addressed the issues in iOS 12.1.4 back in February 2019.

This article, “Apple Disputes Some Details of Google’s Project Zero Report on iOS Security Vulnerabilities” first appeared on MacRumors.com
