Apple CEO Tim Cook
Spencer Platt | Getty Tropes
Apple on Friday responded to a Google report that said malicious websites could exploit Apple protection flaws to hack iPhones and steal personal data, including text messages, photos and contacts.
The report, legged online late last month, said a series of websites had exploited security holes in iPhone software that be presented over a series of two years, but the report did not identify the nature of the websites.
On Friday, Apple said in a sharply worded declaration that the attacks identified by Google were through websites targeted toward Uighurs, a Muslim ethnic minority in China, connoting that the websites were not a serious threat to Americans or most people in other parts of the world. The United Lands has accused China of human rights abuses toward the Uighurs, which China denies.
“First, the sophisticated assail was narrowly focused, not a broad-based exploit of iPhones ‘en masse’ as described,” Apple said in the statement. “The attack affected fewer than a dozen websites that converge on content related to the Uighur community.”
Apple’s statement confirmed the vulnerabilities while also challenging Google’s layout of the exploits. Apple said on Friday that the Google post creates the “false impression of ‘mass exploitation.'”
Apple also confronted Google’s claims that the attacks were operational for years and said the flaws mentioned by Google were unblinking in February, 10 days after it learned of the exploits.
“Second, all evidence indicates that these website infects were only operational for a brief period, roughly two months, not ‘two years’ as Google implies,” Apple said in the disclosure.
“We stand by our in-depth research which was written to focus on the technical aspects of these vulnerabilities,” a Google spokesman believed in a statement. “We will continue to work with Apple and other leading companies to help keep people safety-deposit box online.”
The exploits were published by Google Project Zero, an elite bug-finding team that finds rifts in software from major companies. After finding a flaw, the team informs the company and gives it a time limit to fix the ticklish bugs, which are known as “zero day” vulnerabilities. The stated mission is to make all software harder to hack.
However, the announcement also doubled as a way for Google to publicly needle Apple’s security and privacy policies, which the iPhone maker has increasingly leaned on as a noteworthy marketing tool and a way to differentiate its products from Android.
The Project Zero post did not mention any attacks on Android, which is against by more people than Apple’s iOS. Security firm Volexity said earlier this week that Android malware is tempered to in targeted attacks on Uighurs as well.
Apple’s full statement is on its website.
Follow @CNBCtech on Twitter for the latest tech hustle news.