Apple issues statement refuting Google's 'false impression' of iOS security [u]

24

Comments

  • Reply 21 of 61
    sflocalsflocal Posts: 6,092member
    Meanwhile, in the back room's of Google, management are high-fiving each other for distracting the public from looking away from the most insecure OS which is Android.  On OS so insecure that it is accepted as such in the industry.

    Good job Google.
    lostkiwiStrangeDaysmacpluspluspscooter63watto_cobra
  • Reply 22 of 61
    MacProMacPro Posts: 19,718member
    lkrupp said:
    Google just responded to Apple’s rebuttal with “We stand behind our report.” So someone is lying. Who? 
    mmmm...  let me think, this is a hard one ... /s
    (edited  just in case someone thought I was being serious)
    edited September 2019 cornchipwatto_cobra
  • Reply 23 of 61
    gatorguygatorguy Posts: 24,176member
    lkrupp said:
    Google just responded to Apple’s rebuttal with “We stand behind our report.” So someone is lying. Who? 
    See post 18. Neither one? 
  • Reply 24 of 61
    I do cybersecurity research on iOS and participate in the Apple Bug Bounty program and send bug reports quite often. Apple has the best mobile operating system and is by far superior to android. Besides the affirmation of how much of an Apple fan boy I am, I know some things about google that very few people know about. They are definitely not the knight in shining armor here but more like the fireman who puts his own fires out. Apple is p*ssed for a very valid reason lol a real shocker. Re: Google//Read news lately?? 
    lostkiwimacplusplusjdb8167cornchipwatto_cobra
  • Reply 25 of 61
    1348513485 Posts: 343member
    lkrupp said:
    Google just responded to Apple’s rebuttal with “We stand behind our report.” So someone is lying. Who? 
    Well, Bloomberg-BusinessWeek still "stands behind" its "Chinese / Super Micro spying chips" in Apple servers, etc.  Standard PR response regardless of truth.
    lostkiwipscooter63FileMakerFellerwatto_cobra
  • Reply 26 of 61
    lkrupp said:
    Google just responded to Apple’s rebuttal with “We stand behind our report.” So someone is lying. Who? 
    Well I know which company I trust more, and it isn’t the one that leaked this report. 
    watto_cobra
  • Reply 27 of 61
    mretondo said:
    mjtomlin said:
    Good for Apple.

    The importance of Google’s Project Zero cannot be overstated, but the handling of this issue was sloppy and irresponsible. It’s now obvious this was little more than a smear campaign against Apple as the issue was not only fixed in a timely manner 6 months ago, but singling out iOS as the only target was disingenuous when vulnerabilities in Windows and Android were exploited as well.

    There is no way the Project Zero team did not know ALL the facts of this “attack” and it’s apparent that Google marketing must’ve stepped in and decided to publicly disclose only certain aspects to disparage iOS.
    Yeah! Google really blew there credibility by not mentioning that Android had the same exploit.
    Except that it didn't.

    This particular hack was extremely complex (please read the report), and worked on iOS only. No doubt the Chinese tried to attack an probably managed to attack Android as well, but there are no credible reports (that I have heard of).
  • Reply 28 of 61
    IreneW said:
    mretondo said:
    mjtomlin said:
    Good for Apple.

    The importance of Google’s Project Zero cannot be overstated, but the handling of this issue was sloppy and irresponsible. It’s now obvious this was little more than a smear campaign against Apple as the issue was not only fixed in a timely manner 6 months ago, but singling out iOS as the only target was disingenuous when vulnerabilities in Windows and Android were exploited as well.

    There is no way the Project Zero team did not know ALL the facts of this “attack” and it’s apparent that Google marketing must’ve stepped in and decided to publicly disclose only certain aspects to disparage iOS.
    Yeah! Google really blew there credibility by not mentioning that Android had the same exploit.
    Except that it didn't.

    This particular hack was extremely complex (please read the report), and worked on iOS only. No doubt the Chinese tried to attack an probably managed to attack Android as well, but there are no credible reports (that I have heard of).
    From what others are reporting, these exact exploits are iOS but there were others for the other platforms, conveniently left out of the original Google press release, itself released six months after the facts, and at the same time as recent Android exploits becoming public. Can you say deflection? I knew you could.  
    edited September 2019 cornchipwatto_cobra
  • Reply 29 of 61
    mjtomlinmjtomlin Posts: 2,673member
    lkrupp said:
    Google just responded to Apple’s rebuttal with “We stand behind our report.” So someone is lying. Who? 

    No one is lying.

    Google is standing behind the validity of the blog, which is in fact accurate. No one is denying that. The exploit described in the blog is iOS only.

    The issue is that what comes across in the blog is that ONLY iOS devices were targeted by the websites and that a vast majority of iOS users were vulnerable for years and still are. That last part is why this issue has gone “viral”. It’s this perception that since this blog article was just written, the vulnerability is still being exploited and that iOS users need to panic.

    Like I said, it’s irresponsible for Google to let this spread like it did.
    edited September 2019 pscooter63gilly33watto_cobra
  • Reply 30 of 61
    FolioFolio Posts: 698member
    You could tell by the timing-- week before Apple's big day-- that other motives at play. Tisk tisk Larry and Sundar. Don't be surprised if your TAC rises next Q.
    watto_cobra
  • Reply 31 of 61

    "Project Zero posts technical research that is designed to advance the understanding of security vulnerabilities, which leads to better defensive strategies. We stand by our in-depth research which was written to focus on the technical aspects of these vulnerabilities. We will continue to work with Apple and other leading companies to help keep people safe online," a Google spokesperson said.

    Updated with statement from Google.
    OK continue to “advance your understanding” and to stand by your “in-depth research” to publish those on a blog post instead of a peer-reviewed journal. Just be careful to not harm brands and to not terrorize smartphone users during your efforts to advance your understanding..
    edited September 2019 firelockwatto_cobra
  • Reply 32 of 61
    jungmarkjungmark Posts: 6,926member
    Apple and other leading companies to help keep people safe online”

    They could have explicitly mention itself as being vulnerable too. 
    gilly33watto_cobra
  • Reply 33 of 61
    gatorguygatorguy Posts: 24,176member
    IreneW said:
    mretondo said:
    mjtomlin said:
    Good for Apple.

    The importance of Google’s Project Zero cannot be overstated, but the handling of this issue was sloppy and irresponsible. It’s now obvious this was little more than a smear campaign against Apple as the issue was not only fixed in a timely manner 6 months ago, but singling out iOS as the only target was disingenuous when vulnerabilities in Windows and Android were exploited as well.

    There is no way the Project Zero team did not know ALL the facts of this “attack” and it’s apparent that Google marketing must’ve stepped in and decided to publicly disclose only certain aspects to disparage iOS.
    Yeah! Google really blew there credibility by not mentioning that Android had the same exploit.
    Except that it didn't.

    This particular hack was extremely complex (please read the report), and worked on iOS only. No doubt the Chinese tried to attack an probably managed to attack Android as well, but there are no credible reports (that I have heard of).
    There may have been a partial truth in the claim that Android was targeted too. Of the 11 identified watering-hole sites "Volexity('s) post said one of the sites also appeared to exploit an Android vulnerability that stopped working in 2017 with the release of Chrome 60.
    edited September 2019
  • Reply 34 of 61
    Rayz2016Rayz2016 Posts: 6,957member
    Such a shame to see corporate greed tarnish what was a hugely valuable service to Apple and its customers. 

    Google to frame the report in such away as to attack a competitor. I guess we shouldn’t be all that surprised. 
    watto_cobra
  • Reply 35 of 61
    knowitallknowitall Posts: 1,648member
    Googles Alphabet is FUD.  
    watto_cobra
  • Reply 36 of 61
    MplsPMplsP Posts: 3,911member
    Rayz2016 said:
    Such a shame to see corporate greed tarnish what was a hugely valuable service to Apple and its customers. 

    Google to frame the report in such away as to attack a competitor. I guess we shouldn’t be all that surprised. 
    It’s not just a service to Apple users, it’s a service to all users, but I completely agree - Google’s press release had significant factual and contextual omissions and seemed more designed to give negative PR to Apple than to provide useful information or improve security. 

    A few years ago I listened to a webinar on security given by a women who headed network security for the investment firm i use. One of the points she made was that although the different banks and brokerage firms may be in competition with each other, there was an unwritten agreement of cooperation between them when it came to security. No one bragged that their security was better than the others’, and whenever a vulnerability was discovered they shared it with other banks. They actually had the wisdom to realize that they were all vulnerable, working together provided a better outcome for everyone, and ultimately, better security benefits everyone. 
    gatorguyorthorimFileMakerFellerwatto_cobra
  • Reply 37 of 61
    gatorguygatorguy Posts: 24,176member
    MplsP said:
    Rayz2016 said:
    Such a shame to see corporate greed tarnish what was a hugely valuable service to Apple and its customers. 

    Google to frame the report in such away as to attack a competitor. I guess we shouldn’t be all that surprised. 
    It’s not just a service to Apple users, it’s a service to all users, but I completely agree - Google’s press release had significant factual and contextual omissions and seemed more designed to give negative PR to Apple than to provide useful information or improve security. 

    A few years ago I listened to a webinar on security given by a women who headed network security for the investment firm i use. One of the points she made was that although the different banks and brokerage firms may be in competition with each other, there was an unwritten agreement of cooperation between them when it came to security. No one bragged that their security was better than the others’, and whenever a vulnerability was discovered they shared it with other banks. They actually had the wisdom to realize that they were all vulnerable, working together provided a better outcome for everyone, and ultimately, better security benefits everyone. 
    Exactly.
  • Reply 38 of 61
    gatorguygatorguy Posts: 24,176member
    ArsTechnica offers a good viewpoint on Apple's response, one worth considering even if some certain members might not appreciate it being stated as such:
    https://arstechnica.com/information-technology/2019/09/apple-takes-flak-for-disputing-ios-security-bombshell-dropped-by-google/

    "...For a week, Apple said nothing about any of the reports. Then on Friday, it issued a statement that critics are characterizing as tone-deaf for its lack of sensitivity to human rights and an overfocus on minor points...."
    edited September 2019
  • Reply 39 of 61
    maestro64maestro64 Posts: 5,043member
    This is not the first time Google engineers published miss leading information. Back in the early 2000's they published data about HDD reliability which was completely misleading and made Seagate look bad and cost them business for a time. However when anyone who had clue about reliability data and analysis you could tell the Google engineers had no clue what they were doing. Seagate fought back and put out statements about where Google data was wrong and Google refused to say they made a mistake.
    matrix077watto_cobra
  • Reply 40 of 61
    It's worriesome that the only reason this wasn't a bigger issue was the Chinese govt using it to target a minority population that it wants under surveillance. I'm not confident ad networks have sufficient controls if the attacking party wanted to go big and take advantage of widespread distribution channels. Yes it would have been caught faster but world have hit far more devices.

    Not sure it's a great look to say it wasn't that big a deal only because the attacker had narrow goals.
    FileMakerFellerwatto_cobra
Sign In or Register to comment.