Apple Inc. on Friday confirmed that Uighurs, a minority mostly Muslim group considered a security threat by Beijing, had been the target of attacks due to a set of iPhone security flaws, but disputed its rival Alphabet Inc.’s description of the effort to track users of the smartphone in real time.
Google Project Zero researchers said last week that a collection of five security flaws led to a “sustained effort to hack the users of iPhones in certain communities over a period of at least two years.”
The researchers did not say which communities had been targeted, but CNN, TechCrunch and other news organizations subsequently reported that the attacks had been aimed at monitoring Uighurs. Reuters recently reported that China hacked Asian telecommunications companies to spy on Uighur travelers.
Apple on Friday said the attack “was narrowly focused” and affected “fewer than a dozen websites that focus on content related to the Uighur community” rather than the “en masse” hack of iPhone users described by Google researchers. Apple also said it fixed the issue in February, within 10 days of being notified by Google.
Apple said that evidence suggested the website attacks were operation of only two months, rather than the two years that Google researchers had suggested.
“Google’s post, issued six months after iOS patches were released, creates the false impression of mass exploitation to monitor the private activities of entire populations in real time, stoking fear among all iPhone users that their devices had been compromised,” Apple said in a newsroom post. “This was never the case.”
Google did not immediately have a comment.
Google and Apple are rivals in the smartphone market, where their iOS and Android operating systems vie for users. But Google’s Project Zero team of researchers is focused on finding serious security flaws from a wide range of software and hardware firms, not solely Apple. Last year the group played a key part in finding security flaws in chips made by Intel Corp