Earlier this year, Google’s Zero-Day Team discovered six security flaws in Apple’s latest iOS update, allowing users to easily jailbreak their phones and hackers to remotely hack a victim’s phone through iMessage. In other words, Apple messed up big time.
But Apple came in with the clutch, patching the vulnerabilities within the timeline the zero-day team gave them, AKA 7 days. However, Apple messed up again this August when an iOS update reopened a few of these flaws.
Of course, the zero-day team caught whiff of this and put Apple on blast, urging the company to fix it as soon as possible. Fortunately they did with iOS update 12.4.1. But Apple isn’t happy with Google and they are not afraid to show it.
Google’s Zero-Day Team
Before we dive in to Apple’s mini-tantrum, it’s important to understand the job of the zero-day team. Google’s zero-day team is a group of security experts dedicated to finding and reporting security exploits, vulnerabilities and vice versa. Once reported, the company responsible for the security issue–in this case, Apple–is given a strict deadline to fix the issue. If not fixed within this deadline, the issue will be made public.
We witnessed this earlier this year, when Microsoft ignored the team’s 90-daydeadline to fix a major Windows security exploit, forcing the team to release the report on the security flaw.
But Apple fixed the issue, so what’s the big deal? What’s caused Apple to take shots at Google over a fixed issue?
A Case of Exaggeration
See, the security flaw that popped back up last month was one exploitable through the iPhone’s Safar browser. Some sites slipped malware into the phone, allowing access to password wallets and other personal information; so, pretty big deal. However, as we’ve stated, Apple fixed this already, but Apple thinks the true issue is Google’s presentation of the security flaw.
Apple believes Google exaggerated the dangers of the security flaw, causing unnecessary hysteria in the iPhone community. In Apple’s own words,
“Google’s post, issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real time,’ stoking fear among all iPhone users that their devices had been compromised,” says Apple. “This was never the case.”
I sympathize with Apple, as the company has worked hard to build an aura of trust and security around their products, so an exaggeration of security issues is a big deal. However, I can’t necessarily fault Google either, as the former exploit was a major security flaw that could cause tons of damage if wielded by the right hacker. In my opinion, both companies are overreacting to each other, but Apple more so;No one is going to trade in their iPhone because of a security flaw that was patched a month ago.
Google doesn’t seem too fazed about Apple’s tantrum either, claiming “We stand by our in-depth research which was written to focus on the technical aspects of these vulnerabilities. We will continue to work with Apple and other leading companies to help keep people safe online.”
Users can’t fix or avoid every security issue that exists, and when it comes to these issues, the developers/manufacturers are responsible for fixing them. After all, my Mac’s VPN won’t keep my password wallet from being hacked into if those websites truly were able to download malware on it without me knowing.
In the end, I see this feud as nothing but a ‘he said, she said’ situation. Did Google exaggerate the severity of the issue? Maybe, who knows? Is Apple overreacting over a news story that received almost no air time? I believe so, though your view may differ. What’s important is that these companies continue to improve their security and fix these exploits, even if the next news cycle has to be filled with petty arguing.