Apple says Google exaggerated the scope and impact of a recent iPhone hack that came to light.
The Cupertino brand is accusing the Mountain View company of "stoking fear" among iPhone users and creating a "false impression of mass exploitation."
The Security Flaw
Back in August, Google's Project Zero team reported a vulnerability in iOS that exposed users' data — such as location, passwords, and messages, among other things — to hackers when they visited certain malicious websites.
The security researchers said that there wasn't any "target discrimination" and that visiting one of the hacked websites put users at risk of being victims of a "monitoring implant."
Apple Makes It Clear
In a statement, Apple is countering many of the claims that the Project Zero team made. It says that the attack was "narrowly focused" instead of a "broad-based exploit." As the company details, only "fewer than a dozen websites" were affected, all of which were primarily geared toward the Chinese Uighur community. In other words, it's saying that the scale of the attack wasn't as big as it was made out to be.
Apple also says that it was already working on a fix when Google got in touch with it. According to the company, it resolved the vulnerabilities in February, 10 days after it discovered the security flaw.
"Google's post, issued six months after iOS patches were released, creates the false impression of 'mass exploitation' to 'monitor the private activities of entire populations in real time,' stoking fear among all iPhone users that their devices had been compromised. This was never the case," Apple writes.
In addition, the iPhone maker explains that the attacks were active only for "roughly two months" and not two years, which Google claims.
To boil things down, Apple is saying that Google made a mountain out of a molehill regarding the security vulnerability in iOS, causing panic among iPhone users.