Apple issues a statement

Apple refuted claims made by Google's security researcher that iPhones were hackable for years due to software flaws in iOS. A few days ago, Google published a blog post about vulnerabilities in iOS that Apple patched in February earlier this year. Responding to Google's blog post, Apple issued a statement saying that it heard from customers who were concerned about claims made by Google. Apple clarified that 'the sophisticated attack was narrowly focused' unlike a wider exploit of iPhones as described by Google. Apple stated that the attack affected less than a dozen websites focusing on content pertaining to the Uighur community.

"Regardless of the scale of the attack, we take the safety and security of all users extremely seriously," Apple statement reads.

Google claims iPhones were hackable for years due to software flaws

Furthermore, the statement continued that Google published its blog post six months after Apple released iOS patches. Apple also slammed Google, saying that it creates 'false impression' of mass exploitation. Apple also said that Google's blog post stokes fear among iPhone users that the security of their devices had been compromised. Apple also said that Google created false impressions of compromise to the privacy of iPhone users in real-time.

"All evidence indicates that these website attacks were only operational for a brief period, roughly two months, not “two years” as Google implies. We fixed the vulnerabilities in question in February — working extremely quickly to resolve the issue just 10 days after we learned about it. When Google approached us, we were already in the process of fixing the exploited bugs," Apple added.

Apple Music web interface launched, Here's what it looks like

What was the issue?

Towards the end of August, a security researcher at Google's Project Zero division claimed that certain malicious websites could compromise the security of the victim's iPhone. As per Google, the flaw could be exploited by visiting those websites. If exploited, those websites could also hack into the iPhone. Google claimed that the hack was possible by exploiting previously undiscovered security vulnerabilities in iOS. 

Google Project Zero team said that the company's Threat Analysis Group (TAG) found out certain compromised websites. Security researchers at Google said that they collected five iPhone exploit chains between iOS 10 and iOS 12, suggesting that a group of hackers could have targetted iPhone users for two years or so. Google had said that it reported issues to Apple with a 7-day deadline on 1st February. Google also noted that Apple then released the iOS 12.1.4 patch on 7th February 2019.