Skip to Content

Apple Accuses Google of ‘Stoking Fear Among All iPhone Users’ Over Its Recent Account of an iOS Hack

Apple issued a rebuttal Friday to a recent report by Google's Project Zero that a massive iPhone hack had potentially compromised thousands of iPhone users per week over the past two years.

"Google’s post, issued six months after iOS patches were released, creates the false impression of 'mass exploitation' to 'monitor the private activities of entire populations in real time,' stoking fear among all iPhone users that their devices had been compromised," the statement reads, in part. "This was never the case."

Project Zero, a team of Google security analysts, detailed last Thursday an elaborate iPhone hack that took advantage of a series of vulnerabilities. In a blog post, they outlined an exploit that simply involved iPhone users visiting a website, which installed monitoring implant on the users' devices that potentially let hackers see real-time GPS locations and steal data, including messages and photos. Apple issued a security patch for the vulnerability in February, days after Project Zero had alerted the iPhone-maker to the issue.

On Friday, Apple refuted Google's account of the scale and length of the attack.

"The sophisticated attack was narrowly focused, not a broad-based exploit of iPhones 'en masse' as described," says the statement. Apple claims the attack affected less than a dozen websites focused on the Uighur community, a Muslim minority group predominately found in China. Google's account did not provide a specific number of websites affected by the exploit, instead describing them as "small collection" and saying the websites received thousands of visitors weekly.

"Regardless of the scale of the attack, we take the safety and security of all users extremely seriously," Apple's statement says.

In a more explicit rebuttal, the Android competitor says evidence shows the issue spanned a two-month period, not two years as Google's post has alleged. According to Project Zero, the issue was a problem for iPhones running software from iOS 10 through the current version iOS 12.

Apple says it was already working on the bug fix before Google even alerted the iPhone maker to the problem. The company says it fixed the bug in February, "just 10 days after we learned about it." Project Zero's account says it made Apple aware of the exploit on Feb.1, and it was patched on Feb. 7 with the release of iOS 12.1.4.

Apple says it issued its statement directly addressing Google's claims after hearing consumers' concerns about the scale of the attack and whether their phones were safe. To protect your iPhone from this vulnerability, make sure it's up-to-date with the latest version of iOS.

More must-read stories from Fortune:

—Apple’s planned iPhone unveiling overshadows other big news
Apple Card review: A (mostly) rewarding way to pay—Apple’s AirPods business is bigger than you think
—How to protect yourself against a newly revealed iPhone hack
—Someday, Apple may make your new iPhone out of pieces of your old iPhone
Catch up with Data Sheet, Fortune’s daily digest on the business of tech.