In a temporary statement, Apple confirmed that the attacks had targeted China’s burdened Uyghur Muslim community, as had antecedent been rumoured. However, the statement conjointly known as out multiple points of rivalry with however Google characterized the attack. First, the sophisticated attack was narrow targeted, not a broad-based exploit of iPhones ‘en masse’ as described. The attack affected fewer than a dozen websites that focussed on content related to the Uighur community. Google’s post, issued six months after iOS patches were released, created the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real-time’ was a concern among all iPhone users that their devices had been compromised. This was never the case said Apple.
The company also disputed aspects of Google’s timeline, expressing that the malicious sites were operational for two months, rather than the roughly two years Google had estimated. Apple’s statement conjointly says that it had already discovered the vulnerabilities a couple of days before Google brought them to Apple’s attention. The ultimate patch went out on February 7 as part of the iOS 12.1.4 update. Apple did not dispute the specifics of how the campaign worked. Researchers from Google’s elite Project Zero security group identified five different exploit strategies the malicious sites could use to compromise iPhones running almost every version of iOS 10 through iOS 12. The sites might use victim devices and then infect them, if possible, with powerful monitoring malware. Security specialists have long assumed that iPhone hacks target very specific, high-value victims because iOS vulnerabilities that can provide such deep system access to attackers are too rare and prized to risk revealing in mass campaigns. In this situation, though, attackers were using numerous valuable iOS exploits with abandon, shifting that established paradigm. The attackers reportedly targeted Microsoft Windows and Android devices as well.