Apple is taking flak for disputing some minor details of Google’s bombshell report. Google claimed that for at least two years many iOS devices were vulnerable to a string of zero-day exploits. Some of these devices were actively exploited to install malware that stole location data, passwords, encryption keys, and a wealth of other highly sensitive data.
Google’s Project Zero said the attacks were waged indiscriminately from a small collection of websites that “received thousands of visitors per week.” One of the five exploit chains Project Zero researchers analyzed showed they “were likely written contemporaneously with their supported iOS versions.” The researcher’s conclusion: “This group had a capability against a fully patched iPhone for at least two years.”
For a week, Apple said nothing about any of the reports. Then on Friday, it issued a statement that critics are characterizing as tone-deaf for its lack of sensitivity to human rights and an overfocus on minor points. Apple wrote that ‘Google’s post, issued six months after iOS patches were released, creates the false impression of “mass exploitation” to “monitor the private activities of entire populations in real-time,” stoking fear among all iPhone users that their devices had been compromised. This was never the case.’