Last week, Google published a blog about vulnerabilities that Apple fixed for iOS users in February. We’ve heard from customers who were concerned by some of the claims, and we want to make sure all of our customers have the facts
First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones “en masse” as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community. Regardless of the scale of the attack, we take the safety and security of all users extremely seriously
Google’s post, issued six months after iOS patches were released, creates the false impression of “mass exploitation” to “monitor the private activities of entire populations in
Second, all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not “two years” as Google implies. We fixed the vulnerabilities in question in February — working extremely quickly to resolve the issue just 10 days after we learned about it. When Google approached us, we were already in the process of fixing the exploited bugs