Apple on Friday confirmed that China’s Uighurs, a mostly Muslim minority group considered a security threat by Beijing, had been the target of attacks due to iPhone security flaws.
The flaws were reported last week by Google Project Zero researchers, who are focused on finding serious security flaws from a wide range of software and hardware firms. They said that the security holes in iOS had led to a “sustained effort to hack the users of iPhones in certain communities over a period of at least two years.”
Apple disputed that claim, saying that the attack “was narrowly focused” and affected “fewer than a dozen websites that focus on content related to the Uighur community” rather than the “en masse” hack of iPhone users described by Google researchers. Apple also said it fixed the issue in February, within 10 days of being notified by Google.
Apple said evidence suggested that the website attacks lasted only two months, rather than the two years that Google researchers had suggested.
“Google’s post, issued six months after iOS patches were released, creates the false impression of “mass exploitation” to “monitor the private activities of entire populations in real time,” stoking fear among all iPhone users that their devices had been compromised,” Apple said. “This was never the case.”
Responding to Apple, Google on Friday said it stood by its findings and would continue to work with Apple and other companies to find and fix flaws.
“Project Zero posts technical research that is designed to advance the understanding of security vulnerabilities, which leads to better defensive strategies,” Google said in statement. “We stand by our in-depth research which was written to focus on the technical aspects of these vulnerabilities.”