NEWSafter the patch about the holes that were closed. The
sites that exploited the vulnerabilities were targeting
an ethnic minority in China – the Uighur – and also
sought to exploit holes in Android and Windows.
Apple has taken exception with the recent
report, calling it out not for its technical inaccuracy,
but for misrepresenting the scope and scale of
the security flaw and the way it was exploited. In a
statement issued on 6 September, the company said,
“We’ve heard from customers who were concerned
by some of the claims, and we want to make sure all
of our customers have the facts.”
Apple goes on to detail two ways in which it feels
the reportwas misleading.First, the reportsays it will,
“sharetheseinsightsinto the real‑world workings
of a campaign exploiting iPhones en masse”. Apple
says the attacks were anything but “en masse” and
only represented a few dozen websites targeting the
Uighur minority community in China. Apple says this
misrepresentation caused the hundreds of millions of
iPhone users around the world to feel that they were
compromised, when that was never true. “Regardless of
the scale of the attack, we take the safety and security
of all users extremely seriously,” Apple concluded.
Second, the sites were operational for only about
two months, while the report gives the impression
that iPhones were being hacked for two years. While
the vulnerability may have been present in iOS for
two years, it was only found and exploited among
this narrow community for a short period.
Apple claims that it fixed the exploits within 10
days of learning about them, and that: “When Google