Macworld - USA (2019-10)

October 2019 • Macworld 5

NEWS

reports right after the patch about the holes
that were closed. The sites that exploited the
vulnerabilities were targeting an ethnic minority
in China – the Uighur – and also sought to exploit
holes in Android and Windows.
Apple has taken exception to the recent
report, calling it out not for its technical inaccuracy,
but for misrepresenting the scope and scale of
the security flaw and the way it was exploited. In
a statement issued on 6 September, the company
said, “We’ve heard from customers who were
concerned by some of the claims, and we want to
make sure all of our customers have the facts.”
Apple goes on to detail two ways in which it
feels the report was misleading. First, the report
says it will, “share these insights into the real‑
world workings of a campaign exploiting iPhones
en masse”. Apple says the attacks were anything
but “en masse” and only represented a few dozen
websites targeting the Uighur minority community
in China. Apple says this misrepresentation caused
the hundreds of millions of iPhone users around
the world to feel that they were compromised,
when that was never true. “Regardless of the scale
of the attack, we take the safety and security of all
users extremely seriously,” Apple concluded.
Second, the sites were operational for only about
two months, while the report gives the impression
that iPhones were being hacked for two years.
While the vulnerability may have been present in
iOS for two years, it was only found and exploited
among this narrow community for a short period.
