Slash Boxes

SoylentNews is people

Submission Preview

Link to Story

Apple Lashes Out After Google Reveals iPhone/iOS Vulnerabilities

Accepted submission by takyon at 2019-09-07 15:05:38

Apple takes flak for disputing iOS security bombshell dropped by Google []

Apple is taking flak for disputing some minor details of last week's bombshell report that, for at least two years, customers' iOS devices were vulnerable to a sting of zeroday exploits [], at least some of which were actively exploited to install malware that stole location data, passwords, encryption keys, and a wealth of other highly sensitive data.

Google's Project Zero said the attacks were waged indiscriminately from a small collection of websites that "received thousands of visitors per week." One of the five exploit chains Project Zero researchers analyzed [] showed they "were likely written contemporaneously with their supported iOS versions." The researcher's conclusion: "This group had a capability against a fully patched iPhone for at least two years."

Earlier this week, researchers at security firm Volexity reported finding 11 websites serving the interests of Uyghur Muslims that the researchers believed were tied to the attacks Project Zero identified []. Volexity's post was based in part on a report by TechCrunch [] citing unnamed people familiar with the attacks who said they were the work of nation—likely China—designed to target the Uyghur community in the country's Xinjiang state.

See also: The stakes are too high for Apple to spin the iPhone exploits []
Apple says Uighurs targeted in iPhone attack but disputes Google findings []

Related: China Forces its Muslim Minority to Install Spyware on Their Phones []
China Installs Surveillance App on Smartphones of Visitors to Xinjiang Region []

Original Submission